Protecting taxpayer money is one of the most important purposes of the False Claims Act. A false claim against the federal government is sometimes clear to see from a whistleblower’s standpoint, such as when unrendered services are billed to Medicare. But cybersecurity is becoming an increasingly important vulnerability for the federal government and the watchful eyes of whistleblowers who understand the complexities of information technology are needed more than ever.
This year, a botched security update by Crowdstrike cost an estimated $5.4 billion while taking computers at airports, hospitals and financial institutions offline, grounding flights and causing other disruptions. Change Healthcare was hacked by cybercriminals, disrupting healthcare payments and medical services across the country and causing more than $16 billion in damages. There was also a breach that may have compromised the Social Security number of every U.S. citizen.
As Keller Grover attorney Kate Scanlan points out in a recent article for the TAF Coalition, these three examples did not involve governmental entities but they nonetheless illustrate how all computer systems are vulnerable, including those operated by the federal government. An 2021 Executive Order noted that “the security of software used by the Federal Government is vital to the Federal Government’s ability to perform its critical functions,” and “there is a pressing need to implement more rigorous and predictable mechanisms for ensuring that products function securely, and as intended.” The next year, the White House said the federal government is increasingly reliant “on information and communications technology (ICT) products and services to carry out critical functions.”
Last fiscal year, IT was the fifth-largest service procurement for agencies other than the Defense Department, totalling $10.2 billion. To protect that investment from cybercrime and preventable breaches, the federal government launched the Civil Cyber-Fraud Initiative, which includes pursuing False Claims Act liability for companies that falsely certify compliance with cyber security requirements. When whistleblowers who spot noncompliance with security standards step forward to report wrongdoing, they are helping prevent a future breach or attack that can not only cost taxpayers money but expose their private and personal data.
In three years since the Justice Department launched the initiative, it has led to nearly $30 million in recoveries and at least $5 million paid to whistleblowers who’ve come forward with information about cybersecurity fraud. In the initiative’s first full year, 2022, the government recovered $9 million when Aerojet Rocketdyne, Inc. resolved allegations that it had misrepresented its compliance with cybersecurity requirements in certain government contracts. Last year, Verizon Business Network Services paid slightly more than $4 million to settle claims that it failed to implement required cybersecurity controls in its Managed Trusted Internet Protocol Service (MTIPS) provided to federal agencies.
As Kate wrote in her article, relying on whistleblowers to alert the government about inadequate cyber security is a proverbial ounce of prevention when we know it costs billions for a cure. For those who want to report such wrongdoing, it’s critical to engage a whistleblower attorney early in the process. With more than 30 years of combined experience litigating fraud and employment cases — and billions in recoveries for its clients — Keller Grover is uniquely positioned to represent whistleblowers.
If you want to report cybersecurity fraud in your organization, we are here to help. For advice about how to handle suspected fraud, contact Keller Grover for a free and confidential consultation.