Constantine Cannon Partner Gordon Schnell Published in Washington Technology on DOJ's Enforcement Crusade Against Cybersecurity Fraud
On Wednesday (October 28), government contracting magazine Washington Technology published a commentary by Constantine Cannon whistleblower partner Gordon Schnell on the recent string of False Claims Act enforcement actions DOJ has brought against government contractors for cybersecurity failures.
As Schnell points out, the most recent of these actions is last week’s DOJ settlement with Penn State University for allegedly failing to comply with the cybersecurity requirements under its DoD and NASA contracts. And in August, DOJ filed a False Claims Act case against Georgia Tech alleging some of the same types of cybersecurity violations with the university’s DoD contracts.
But Schnell stresses the government’s cybersecurity enforcement priority extends to protecting all kinds of sensitive information, not just defense information. In June, for example, DOJ reached an $11.3 million False Claims Act settlement with Guidehouse and Nan McKay and Associates for allegedly failing to protect personal identifying information under their federal rental assistance contracts. And in May, DOJ reached a $2.7 million settlement with Insight Global for allegedly failing to implement adequate cybersecurity measures to protect personal health information under its government healthcare contract.
These actions all flow from DOJ’s Cyber-Fraud Initiative which targets federal contractors that put sensitive information at risk through faulty cybersecurity products and practices. As Schnell notes, it is an enforcement priority with extra heft because of the powerful financial incentives the False Claims Act provides whistleblowers to step forward. Which likely explains why whistleblowers originated all these recent enforcement actions with more to come for sure.
DOJ has heavily promoted the role these whistleblowers have played and the rewards they have received in initiating these cybersecurity actions. Schnell says DOJ is sending two messages here: one to cybersecurity whistleblowers to encourage them to step forward; the other to government contractors to ensure their cybersecurity protocols are up to snuff. The bottom line for Schnell in all this is “those that do business with the government would be wise to get their data protection systems in order or they may find themselves next up on DOJ’s cybersecurity hit list.”
You can read Schnell’s Washington Technology commentary here.