On March 8, the Department of Justice announced that it had reached a settlement with a defense contractor resolving allegations that the contractor had violated the False Claims Act by failing to take sufficient steps to safeguard sensitive information from cyberattacks. Comprehensive Health Services LLC (CHS), a contractor providing medical services in Iraq and Afghanistan, agreed to pay $930,000 to resolve the allegations. CHS provided medical services to the Air Force and State Department between 2012 and 2019. During that time, CHS allegedly submitted claims to the Sate Department to recoup the cost of a secure electronic medical record system to protect the confidential information of American citizens. Despite implementing the EMR system and submitting claims for payment to the government to recoup the cost, CHS personnel allegedly retained personally identifiable information of Defense and State Department personnel on unsecured network drives which were accessible to staff without the need to access that information. When informed of the unsecure practice, CHS allegedly failed to task steps necessary to ensure the information was stored on the secure EMR system.

The resolution of these allegations is the first settlement under the Department of Justice’s new Civil Cyber-Fraud Initiative. The Initiative “aims to hold accountable entities or individuals that put U.S information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

CHS also allegedly sought reimbursement for controlled substances for which it did not have a license to handle. CHS allegedly failed to obtain a DEA license necessary to export controlled substances from the United States to Iraq. CHS was also required to provide medical supplies and controlled substances approved by the FDA and European Medicines Agency. However, the government alleges that CHS falsely represented that some of the substances it provided were approved by FDA and EMA. CHS allegedly accomplished this by requesting physicians in South Africa to prescribe controlled substances not approved by FDA and EMA and having those substances shipped to Iraq. Those substances were then, allegedly, provided to patients under federal government contracts.

The attorneys at Chilivis Grubman represent clients of all types and sizes in connection with False Claims Act investigations and qui tam litigation. If you need assistance with such a matter, please contact us today.