DOJ unveiled its Cyber-Fraud Initiative in October, announcing that it planned to use its civil fraud enforcement authority under the False Claims Act to ensure compliance with contractual cyber-security requirements applicable to government contractors. On March 8, it followed through with an announcement that Comprehensive Health Services, LLC had agreed to pay $930,000 to resolve allegations that it violated the FCA.
While the facts and the settlement amount are not particularly remarkable, it is noteworthy for a couple of reasons. First, this case did not involve a violation of the standard FAR or DFARS clauses governing cyber compliance requirements, which indicates that DOJ is taking a very broad view regarding what cyber-related contractual violations constitute fraud. Second, it demonstrates DOJ’s willingness to devote resources to enforcing cyber-related contract violations under the FCA, even when the alleged facts are not particularly egregious. Finally, DOJ has openly stated that it hopes publicizing its cyber-fraud initiative will encourage whistleblowers to bring cyber-related cases under the False Claims Act qui tam provisions. DOJ’s announcement suggests that it will continue to encourage whistleblowers to report cyber-related violations.
Source:
