On March 8, 2022, the U.S. Department of Justice ("DOJ") announced a settlement in a cybersecurity-related False Claims Act (FCA) case. Comprehensive Health Services LLC (CHS) had a contractual requirement to store patients' medical records securely in an electronic medical record system. From 2012 to 2019, CHS had not consistently met its obligations, and it agreed to pay $930,000 to resolve allegations that CHS violated the False Claims Act.

The settlement marked the DOJ's first resolution of a False Claims Act case involving cyber fraud since the launch of the department's Civil Cyber-Fraud Initiative. Also noteworthy is the fact that this case did not involve a specific violation of a FAR or DFARS clause, which can lead you to think there may be a very broad spectrum of what is considered cyber fraud under the FCA. It also shows the DOJ is willing to dedicate resources to cyber fraud cases, so at this point it would appear the DOJ is taking cyber fraud seriously.

If this is what the future of cybersecurity will look like in the government contracting space, then now is the time for government contractors to assess their cybersecurity posture, both in general and against their contractual requirements. Using a third-party consultant to do so gives you an unbiased look at your cybersecurity program and helps you avoid becoming an example of a cyber FCA case.