- Verizon Cooperates with DOJ related to Cybersecurity Allegations
- Justice Department Demonstrates its Focus on Part C Fraud with Martin’s Point $22.5 M Settlement
- DOJ, BIS and OFAC Issue Tri-Seal Compliance Note
- Booz Allen Pays $377 M to Settle Improper Indirect Cost Allegations
- NextGen’s $31 M Settlement of an Alleged False Certification and a Kickback Violation
- Things Just Got Interesting: A Disclosure, A Lawsuit and A False Claims Act Settlement
- Genotox resolves AKS parallel investigation with the DOJ
- Self-Disclose to Avoid Self-Sabotage: Clarifying DOJ’s Criminal Corporate Self-Disclosure Policy for US Attorney Offices
- With Recent Enforcement Action, DOJ and FTC Join the FCC in Targeting the Use of Ringless Voicemails
- DePuy Agrees to Pay $9.75 Million in FCA Kickback Investigation
- False Claims Act
- Department of Justice (DOJ)
- Anti-Kickback Statute
- Financial Institutions
- Corporate Criminal Enforcement
- White Collar & Investigations
- Procurement Fraud
- Consumer Protection
- Cooperation Credit
- Medicare Fraud
- Bank Exam Privilege
- Paycheck Protection Program
- Stark Law
White Collar + Fraud + Investigations + Compliance
Last week, the DOJ announced a settlement between Aerojet Rocketdyne Inc. (“Aerojet”) and, relator, Brian Markus, related to allegations that Aerojet violated the False Claims Act (“FCA”) by misrepresenting its compliance with cybersecurity requirements in certain federal government contracts. There a few interesting things to note here.
First, despite the Government’s clear interest in this area evidenced by the Department’s Civil Cyber-Fraud Initiative, the DOJ declined to intervene in the matter. Second, the parties settled this matter only after the Court declined to dismiss this case at the Summary Judgment stage. Notably, it appears that Aerojet disclosed its noncompliance to the Government. The Court considered this fact, but also noted that “these disclosures hold less weight when they are incomplete.” Memorandum and Order Re: Cross-Motions For Summary Judgement, U.S. ex rel. Markus v. Aerojet Rocketdyne Holdings, Inc., No. 2:15-cv-02245 (E.D. Cal.), at 11. As such, the Court held that there was a “[a] genuine dispute of material fact . . . as to the sufficiency of the disclosures about the 2013 breaches and information gathered in audits done by outside firms.” See id. at 14.
In other words, it was simply not enough that Aerojet disclosed failings in its cybersecurity: Aerojet was responsible for disclosing enough information so that Government stakeholders had the “full picture” of its noncompliance.
Though the DOJ declined to intervene, in my view, this case provides helpful insight into the types of disclosures that may be necessary for entities that do business with the Government, especially in the cybersecurity context.
I will be publishing a client alert shortly that includes a more fulsome discussion of this case and other issues to consider related to FCA cybersecurity disclosures. But, in the interim, please find a link to the press release announcing the settlement below.