I was recently interviewed on the Healthcare Strategies podcast about how the Department of Justice (DOJ) is enforcing the Civil Cyber-Fraud Initiative to hold healthcare organizations accountable for cybersecurity matters. The Initiative, launched by DOJ in October 2021, utilizes the False Claims Act (FCA) to take action against entities that knowingly provide insufficient data security measures.
Speaking about the inception of the DOJ’s Civil Cyber-Fraud Initiative, I explained that “this is the DOJ’s effort to more formally promote proactive steps in an effort to avoid cybersecurity concerns, at the outset, for those who do business with the government.” I added that the Initiative was created to “pursue FCA liability against government contractors in the cybersecurity space … the Initiative seeks to hold accountable the entities and individuals who put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services; knowingly misrepresenting their cybersecurity protocols that they have in place; or knowingly violating obligations to monitor and report cybersecurity incidents or breaches.”
I discussed the recent case in which DOJ settled for $930,000 with a healthcare government contractor for noncompliance with cybersecurity requirements. The government saw this case as a compliance failure although there was no actual security breach, and the case demonstrates the government’s tenacity in pursuing allegations of fraud under this initiative.
The podcast episode, “Assessing How New DOJ Cybersecurity Efforts May Change the Face of HIT Security,” was released by the Healthcare Strategies podcast on May 2 and is available online or wherever you get your podcast content.
A recap of the podcast is available online in the article “The Impact of the Civil Cyber-Fraud Initiative on HIT Security,” released by Healthcare Exec Intelligence.