In recent weeks, there has been an uptick in news of cyber-related False Claims Act (“FCA”) activity. For example, on September 1, 2023, the court unsealed a qui tam lawsuit against Penn State University relating to allegations of non-compliance with Department of Defense (“DoD”) cybersecurity obligations. Separately, on September 5, 2023, the Department of Justice (“DOJ”) announced a multi-million dollar FCA settlement with Verizon under its Civil-Cyber Fraud Initiative (which focuses on leveraging the FCA to pursue cybersecurity related fraud by government contractors and grant recipients, as we previously discussed here). These and other cases suggest—as many had been speculating—that the number of enforcement actions and publicity associated with previously-sealed qui tam cases will continue to increase. They also signal that contractors and universities should brace for additional scrutiny and potential whistleblower claims in this area.Continue Reading Recent Cyber-Related False Claims Act Activity Signals Contractors and Universities Should Examine Their Cybersecurity Practices and Brace for an Uptick in Enforcement
False Claims Act
Supreme Court Clarifies that Subjective (Not Objective) Knowledge of Falsity of Claim Dictates False Claims Act Liability
On June 1, 2023, the Supreme Court issued a unanimous decision holding that the scienter element of the False Claims Act (“FCA”) is met if a defendant subjectively knew his or her claims were false and submitted them anyway. See United States ex rel. Schutte v. SuperValu Inc. and United States ex rel. Proctor v. Safeway. The Court’s ruling was narrow and avoided the more challenging—and common—issues raised during oral argument (which we blogged about previously).Continue Reading Supreme Court Clarifies that Subjective (Not Objective) Knowledge of Falsity of Claim Dictates False Claims Act Liability
CMS Proposes to Amend Overpayment Rule, Remove Potential Overpayment and False Claims Act Liability for Mere Negligence
The Centers for Medicare and Medicaid Services (“CMS”) has issued a proposed rule which would amend the existing regulations for reporting and returning identified overpayments (the “Proposed Rule”). Specifically, with respect to the meaning of “identification” of overpayment, CMS proposes to eliminate the “reasonable diligence” (or traditional negligence) standard and replace it with the False Claims Act’s (“FCA’s”) standard of “knowing” and “knowingly” (i.e., reckless disregard or deliberate ignorance of a potential overpayment).Continue Reading CMS Proposes to Amend Overpayment Rule, Remove Potential Overpayment and False Claims Act Liability for Mere Negligence
DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance
On Wednesday, October 6, 2021, the Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provid[e] deficient cybersecurity products or services, knowingly misrepresent[] their cybersecurity practices or protocols, or knowingly violat[e] obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud. Under the False Claims Act, penalties for such violations could be substantial, including treble damages.
Continue Reading DOJ Announces Civil Cyber-Fraud Initiative To Enforce Contractor Cybersecurity Compliance