In August, the United States filed a Complaint-in-Intervention in a False Claims Act (FCA) whistleblower suit alleging that the Georgia Institute of Technology (“Georgia Tech”) and an affiliate, Georgia Tech Research Corp. (GTRC), violated cybersecurity requirements in connection with Department of Defense (DOD) contracts.
The complaint and accompanying press release reflect the Department of Justice’s (DOJ’s) heightened focus on using the FCA to address cybersecurity issues. The DOJ’s Civil Cyber-Fraud Initiative, designed to combat new and emerging cyber threats to sensitive information and critical systems, uses the federal FCA to pursue cyber-related fraud by government contractors and grant recipients.
The U.S. government joins a case originally filed in 2022 by two qui tam whistleblowers, both senior members of Georgia Tech’s cybersecurity compliance team. Both complaints allege that the defendants failed to comply with federal cybersecurity requirements and attempted to obscure this failure by submitting false claims to the government.
On July 13, 2023, the White House issued the first iteration of its National Cybersecurity Strategy Implementation Plan (the “Implementation Plan”), which will be updated annually. The two overarching goals of the Implementation Plan are to address the need for more capable actors in cyberspace to bear more of the responsibility for cybersecurity and to increase incentives to make investments in long-term resilience. The Implementation Plan is structured around the five pillars laid out in the White House’s National Cybersecurity Strategy earlier this year, namely: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. The Implementation Plan identifies strategic objectives and high-impact cybersecurity initiatives under each pillar and designates the federal agency responsible for leading the initiative to meet each objective. The following summarizes some of the key initiatives included in the Implementation Plan that will directly impact critical infrastructure organizations, including healthcare, energy, manufacturing, information technology and financial services.
Blog Editors
Recent Updates
- OCR Withdraws Appeal of District Court Order Declaring Unlawful and Vacating the “Proscribed Combination” Portion of Its HIPAA Online Tracking Technologies Guidance
- As the Window for Comments Closes on ONC/ASTP’s HTI-2 Proposed Rule: What’s in HTI-2 and What Does It Mean for You?
- Unpacking Averages: Assessing FDA’s Postmarket Surveillance Under Section 522
- Video: New State Legislation Increases Oversight of Health Care Transactions – Thought Leaders in Health Law
- Video: New HIPAA Final Rule - Key Changes to Reproductive Health Care Privacy – Thought Leaders in Health Law