In October 2021, the U.S. Department of Justice announced the launch of its new Civil Cyber-Fraud Initiative, which aims to hold government contractors and grant recipients accountable for cyber-related fraud under the False Claims Act.

Two recent developments provide insight into how the Justice Department will pursue cases under this new initiative, and reveal the broad conception of cyber fraud the Department is advocating in such cases.

  • Comprehensive Health Services LLC: On March 8, 2022, the Justice Department announced its first settlement under the Civil Cyber-Fraud Initiative.  Comprehensive Health Services, LLC, a global medical services provider, agreed to pay $930,000 to resolve allegations that it falsely represented to the federal government that it had consistently stored patient records on a secure electronic system.  The Justice Department intervened in the matter, which was brought originally by private whistleblowers, despite the fact that no breach of data was alleged to have occurred.
  • Aerojet RocketDyne Holdings, Inc.: On February 1, 2022, a federal court in the Eastern District of California mostly denied summary judgment to Aerojet Rocketdyne Holdings Inc., a defense and aerospace company that is alleged to have falsely represented its compliance with cybersecurity standards for government contractors.  The Justice Department filed a Statement of Interest that was largely adopted by the district court to reject Aerojet’s arguments that its alleged non-compliance was immaterial and did not harm the government.

Please click here to read the full alert memorandum.