In recent weeks, there has been an uptick in news of cyber-related False Claims Act (“FCA”) activity. For example, on September 1, 2023, the court unsealed a qui tam lawsuit against Penn State University relating to allegations of non-compliance with Department of Defense (“DoD”) cybersecurity obligations. Separately, on September 5, 2023, the Department of Justice (“DOJ”) announced a multi-million dollar FCA settlement with Verizon under its Civil-Cyber Fraud Initiative (which focuses on leveraging the FCA to pursue cybersecurity related fraud by government contractors and grant recipients, as we previously discussed here). These and other cases suggest—as many had been speculating—that the number of enforcement actions and publicity associated with previously-sealed qui tam cases will continue to increase. They also signal that contractors and universities should brace for additional scrutiny and potential whistleblower claims in this area.Continue Reading Recent Cyber-Related False Claims Act Activity Signals Contractors and Universities Should Examine Their Cybersecurity Practices and Brace for an Uptick in Enforcement

On February 8th, the U.S. Department of Justice (DOJ) quietly issued new guidance on how the agency evaluates corporate compliance programs during fraud investigations. The guidance, published on the agency’s website as the “Evaluation of Corporate Compliance Programs,” lists 119 “sample questions” that the DOJ’s Fraud Section has frequently found relevant in determining whether to bring charges or negotiate plea and other agreements. The February 8th issuance is the agency’s first formal guidance under the new presidential administration, and the latest effort by the DOJ’s “compliance initiative,” which launched at the hiring of compliance counsel expert Hui Chen in November 2015. The new guidance is particularly valuable for healthcare organizations in light of the agency’s heightened efforts to prosecute Medicare Advantage plans for fraudulent reporting under the False Claims Act.
Continue Reading DOJ Issues New Guidance on the Evaluation of Corporate Compliance Programs in Federal Fraud Investigations

The U.S. Department of Justice (DOJ) has joined a whistleblower lawsuit, United States of America ex rel Benjamin Poehling v. Unitedhealth Group Inc., No. 16-08697 (Cent. Dist. Cal. Sep. 17, 2010), ECF No. 79, against UnitedHealth Group (United) and its subsidiary, UnitedHealthcare Medicare & Retirement—the nation’s largest provider of Medicare Advantage (MA) plans. The suit accuses United of operating an “up-coding” scheme to receive higher payments under MA’s risk adjustment program called the HCC-RAF Program (see below). The complaint alleges that United fraudulently collected “hundreds of millions—and likely billions—of dollars” by claiming patients were sicker than they really were. The suit was originally filed in 2011 by a former United finance director under the False Claims Act (FCA), which allows private citizens to sue those that commit fraud against government programs. Pursuant to the FCA, the case was sealed for five years while the DOJ investigated the claims.
Continue Reading Justice Department Joins Whistleblower Suit Accusing UnitedHealth Group of Overcharging Medicare by “Hundreds of Millions”