(212) 292-4573 tmcinnis@mcinnis-law.com

HOW TO REPORT CYBER SECURITY FALSE CLAIMS FRAUD

Did you know the Department of Justice introduced a new IT cyber security false claims initiative in 2021?

You might benefit from this IT cyber security false claims program if you report government contractors and grantees who didn’t protect sensitive electronic data from hackers. Reporting such activities in the right way could entitle you to a monetary reward.

What kinds of misconduct is covered by the government’s IT cyber security false claims initiative?

Broadly speaking, it falls into two categories. The first concerns government IT contractors, consultants and auditors who were supposed to provide protection against unauthorized access to government networks, hardware, devices, computer systems, software and electronic files and who knowingly provided substandard cyber security products or monitoring services and then submitted false claims to the government.

The other involves ordinary government contractors and grant recipients, such as those in the defense, aerospace, NASA, GSA and healthcare industries, who don’t meet acquisition and contracting regulations (like FARS, DFARS , NASA FARS, NIST, CMMC, FedRAMP, and HIPAA) requiring them to adequately monitor and provide a certain level of security for the sensitive government data they handle when performing under their contracts. Often the data at stake is unclassified controlled technical information (UCTI), sensitive but unclassified information (SBU), personally identifiable information (PII), personal health information (PHI), or other types of confidential information.

Who might be in a position to bring a cyber security case against an IT Contractor?

The ideal combination is someone who is knowledgeable about the IT products and services, the regulatory and contractual requirements, and the facts concerning the fraud, including, possible security breaches and the failure to accurately report them when submitting false claims to the government. For example, someone who works in a cyber security, compliance and controls unit of a government contractor may be in a good position to bring a successful case.

What do you need to do to benefit from the government’s cyber security fraud initiative?

You can bring a “qui tam” lawsuit under the False Claims Act against the contractor or grantee. If your case is successful and the defendant returns money to the government, you could be entitled to between 15% and 30% of the recovery. To do so, you must hire an attorney and file a lawsuit in federal court. If you even suspect some organization is submitting false claims to the government and think you may want to report it you should immediately contact an experienced and trusted whistleblower attorney to protect your rights.