This article originally appeared in Law360 on November 3, 2021.
Sidley lawyers Brenna Jenny and Sujit Raman recently published an article in Law360 entitled How To Minimize FCA Cyber Fraud Enforcement Risk, which analyzes the implications of DOJ’s recent formation of a Civil Cyber-Fraud Initiative to use the FCA to pursue cybersecurity-related fraud. Although the Initiative focuses generally on government contractors and grant recipients—and does not, by its terms, impose any new cybersecurity requirements—the project promises in particular to attract whistleblowers in the defense industry, as recent years have witnessed high-profile FCA cases implicating alleged cybersecurity non-compliance in that sector. The healthcare industry may also see a marked increase in cybersecurity-related qui tams, especially in light of a recent Department of Health and Human Services Office of Inspector General report taking the Centers for Medicare & Medicaid Services to task for failing to hold hospitals accountable for the cybersecurity of their networked devices. Healthcare providers and medical device manufacturers, in addition to other government contractors and grantees, would do well to heed DOJ’s warning that “cybersecurity failures…are prime candidates for potential False Claims Act enforcement.”