On October 6, 2021, the DOJ announced that its Commercial Litigation Branch, Fraud Section is launching a new initiative to hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches. Using the False Claims Act (FCA), the DOJ intends to pursue cybersecurity-related fraud by government contractors and grant recipients. The FCA prohibits and penalizes any individual or entity that “knowingly presents, or causes to be presented, a false or fraudulent claim for payment or approval” that makes, or causes to be made, false records or statements material to a false claim. (31 U.S.C. 3729, et. Seq.) Specific intent is not required for FCA liability. Contractors/grant recipients/subrecipients may also find themselves in violation of the FCA if they act in deliberate ignorance or in reckless disregard of the truth or falsity of the information. To avoid liability, one must never submit a claim to the federal government that one knows (or should know) is false. This includes incorrectly indicating that one is in compliance with contractual, regulatory, or grant requirements.
Read the full story at JD Supra.