Tech contractors who cover up cyber breaches could be forced to pay triple damages


Written by John Hewitt Jones

Tech contractors who do not disclose cybersecurity breaches could face hefty fines of up to three times the amount their failure costs the government, in a lawsuit brought by the Department of Justice (DOJ).

The DOJ last week announced a new cyber-civil fraud initiative, under which it intends to use the False Claims Act (FCA) to prosecute contractors working with federal government agencies – as well as federal grant recipients – who do not report incidents in which their systems are compromised.

The FCA was first enacted in 1863 in response to fraud by defense contractors during the Civil War. It was amended in 1986 to further encourage whistleblowers to report allegations of fraud.

Under the FCA, anyone who submits false records to the government can be forced to pay triple the damages caused to the government by fraudulent contract submissions. The offending entity may also be subject to a civil fine of up to $10,000.

Tech companies working with some government departments are already subject to strict disclosure requirements regarding cybersecurity breaches. For example, Section 204.7302 of the Defense Federal Acquisition Regulation Supplement requires companies to “promptly report cyber incidents directly to the Department of Defense (DOD).” The DOD defines prompt reporting as within 72 hours of discovery.

In a press release announcing the new initiative last week, the DOJ said it would seek to compel “contractors and beneficiaries to meet their commitments to protect government information and infrastructure.” The move comes as lawmakers consider new measures to step up pressure on private sector companies and government agencies to ensure timely disclosure of cyber breaches.

Legal sources speaking to FedScoop said it was not clear how aggressive the Justice Department’s new enforcement campaign would be or precisely how penalties for a company’s failure to notify would be assessed.

The False Claims Act imposes a separate penalty for each violation of the law, which can add up to tens of thousands – or in some cases millions – of dollars.

In March of this year, a federal appeals court upheld a $111 million award to the government and a whistleblower in a case against BlueWave Healthcare Consultants. The complaint alleged that the defendants paid bribes to trick doctors into ordering medically unnecessary tests, which were ultimately paid for by Medicare and Tricare.

The Cyber-Civil Fraud Initiative is led by the Commercial Litigation Division of the Civil Division, Fraud Section, at DOJ. The initiative is a direct result of the department’s ongoing comprehensive cyber review, which was ordered by Deputy Attorney General Lisa Monaco in May.

Congress is currently reviewing the Cyber Incident Reporting Act and the Federal Information Security Modernization Act of 2021.
