Bass, Berry & Sims attorneys Jeff Gibson and John Eason authored an article for ABA Health eSource, published by the American Bar Association’s Health Law Section, that details the expanded focus on cybersecurity activities by the Department of Justice (DOJ) with the Civil Cyber-Fraud initiative.

According to the DOJ, the initiative was launched to “hold accountable entities or individuals that put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

“With the new initiative, the DOJ has pledged to pursue FCA [False Claims Act] liability against government contractors and grant recipients in the cybersecurity space,” the authors wrote. “Many healthcare organizations, of course, are already subject to the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule (45 C.F.R. Part 164 Subpart C) and are all too familiar with the costs and legal risks stemming from cyberattacks and data breaches. But the Civil Cyber-Fraud Initiative brings a significant new enforcement dimension in the form of the FCA.”

The attorneys offered insight on some of the federal government’s first FCA enforcement actions in the cybersecurity space, including the first against a healthcare entity, and shared takeaways for healthcare providers and contractors – namely to ensure that cybersecurity programs are in line with industry standards and any applicable government requirements.

The full article, “DOJ Expands Civil Enforcement Focus into Cybersecurity,” was published in the August 2022 issue of ABA Health eSource and is available online.