What is Cyber Fraud under the DOJ’s New Cyber Fraud Initiative?
Department of Justice Civilian Cyber Fraud Initiative
One thing that we find really interesting is the Department of Justice report [DOJ] new civilian cyber fraud initiative. What we find so interesting is that the DOJ often has initiatives. When I [Renée] I was at the DOJ, I ran the Big Lender Initiative which was part of the Financial Fraud Enforcement Task Force after the Great Financial Crisis, and we investigated and sued most of the big banks for making bad mortgages, in simple terms.
It was a huge initiative. Eva worked on the Big Pharma initiative that the DOJ had for a number of years involving kickback programs and “off-label” marketing. An initiative involves the DOJ devoting a great deal of attention, money, resources, and effort to that particular area or line of business. At this particular time after the financial crisis, there was really an effort to hold the banks accountable and also to recoup federal dollars that were misspent on various home insurance programs. In the financial initiative, it was really an effort to ensure that the mortgage insurance mutual was solvent for the first time in history. She was in danger of going bankrupt. There have been initiatives before, but this is the first time that even I have seen the DOJ launch an initiative and make a huge call for whistleblowers. It’s just not something they do. Of course, the DOJ is often motivated by whistleblower cases. In this case, in October of last year, the DOJ made several announcements to the press and was very vocal.
One of Main Justice’s deputy directors spoke on a podcast about cyber fraud. I posted something on LinkedIn with a picture of Uncle Sam saying, “Uncle Sam wants you.” And that’s exactly what the DOJ does. They are talking. They are looking for people who have worked in the government contract space, in particular, who are aware of cybersecurity breaches.
Cyber Fraud Category 1: Providing Inadequate Government Cyber Security
There are two big buckets of cyber fraud. One is if someone who works for a company that has a government cybersecurity contract, in other words, it is the purpose of the government contract to provide cybersecurity actions for the government. They are interested and want whistleblowers to come out of the woodwork and report that their employer knew they were not meeting these contract terms or complying with other government regulatory requirements. And cybersecurity requirements are many. I recently spoke at a panel with three other lawyers, and we looked at the new cybersecurity requirements. Sometimes fraudsters take money for cybersecurity protections and don’t use the funds as intended. It’s a bucket, but a whole other bucket, which is much larger, is made up of many, many government contracts that require cybersecurity protection of government information.
Cyber Fraud Segment 2: Failing to Meet the Cybersecurity Requirements of a Contract
In other words, not every contract always involves a cybersecurity contract. It is implicit in many contracts that you are going to have government data. If you contract with the government, you might be sitting in a government facility, working side-by-side with someone at the Pentagon, or you have access to government information because it’s part of what you do as part of of the contract .
Of course, you need to make sure that while you have government information or any project you work on for the government, you have good cybersecurity protections. If you violate any of these cybersecurity rules that are part of most government contracts, you may also be liable under the False Claims Act.
How does an initiative affect whistleblower claims?
While a cyber fraud initiative is in place, if you are a whistleblower and have inside information about cyber fraud, what can you expect if you approach the DOJ?
You will go to the top of the stack. You are literally the lead case on the DOJ attorney’s desk. They cleaned up everything else. We are aware of this from the podcast Renee just talked about, that the DOJ has a committed unit. They have a committed deputy director and other committed individuals who are going to prioritize the investigation and enforcement of cybersecurity breaches.
This is somewhat unprecedented, but in terms of DOJ initiatives, whether internal or external, you can assume that your case will receive the attention it needs in real time. And that says a lot because when you think about these whistleblower programs, there are hundreds of cases that are filed every year, and there’s already a record of hundreds and hundreds and hundreds of cases that are filed and outstanding.
Cybersecurity also encompasses healthcare companies
To briefly summarize, when we talk about cybersecurity, it’s not just about companies that provide security services. It’s really the protection of all the information you handle on behalf of the government, most of which is now stored electronically. So even health records now have to be stored in what is known as an electronic health record or EHR format. There are a number of vendors that are transitioning health records to an electronic format in the government procurement space. Most of this work is now done and has been done electronically. Then the question becomes what is this government contractor doing to protect this information that is on an electronic network? And how do they keep this information private and secure?
What we see in this space is a combination of things. On the one hand, it may be a deficient cybersecurity system. Basically, the system has flaws and shortcomings. For example, you can log into your computer without a password at work, which is pretty obvious: anyone can access my desktop and access the information stored there. That would be deficient cybersecurity protection for government information.
Another way to think about it is the misrepresentation of their cybersecurity sophistication. Government contractors are now required to represent the government before being awarded any type of contract, whether it is to build submarine parts or provide national security services or manufacture bulletproof glass , they are required to make certain representations to the government that they have the necessary cybersecurity infrastructure, they have allocated the necessary money, personnel and resources, and will dedicate the time necessary to provide these protections.
If they misrepresent their abilities in this regard, it could result in a violation of the False Claims Act. In fact, that’s what the Deputy Attorney General specifically called a possible violation of the misrepresentation law.
The last type of cyber fraud, and this actually applies to everything we’ve talked about: the company is aware that it is doing something wrong and has done nothing to correct it. It may also result in a violation of the False Claims Act; this is called a reverse misrepresentation. In a reverse misrepresentation, a business withholds government funds to which it otherwise knows it is not entitled, because it cannot perform the contract, or cannot provide the service or product that it is entitled to. ‘She promised the government they would deliver. There are so many different layers, which again brings this full circle back to why there is a lot of efficiency and importance in finding misrepresentation law expertise and other lawyer whistleblower programs.
Comments are closed.