Lexology September 5, 2025
Sheppard Mullin Richter & Hampton LLP

The inexorable expansion of the False Claims Act (“FCA”) to cover virtually all types of cybersecurity breaches and violations – to include allegedly poor practices and failure to fully adhere to security controls – continues. At one time, an organization might have thought that it was unlikely to face a potential FCA investigation and litigation relating to its cybersecurity practices. That day is long past. Two recent FCA settlements illustrate the expansion: one is the first cybersecurity FCA settlement relating to healthcare Quality System Regulations (“QSR”) and the other involves the first settlement with a defense contractor that also pulls in its private equity owner.

A Brief History of FCA Cybersecurity Enforcement

Four years ago, the Department of Justice (“DOJ”)...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Provider, Technology
Related Articles:
OT–IT Cybersecurity: Navigating The New Frontier Of Risk
STAT+: Hospitals and Epic demand better security for patient records
‘Complexity is where cyber risk tends to grow’
Researchers broke every AI defense they tested. Here are 7 questions to ask vendors.
Your Organization Isn’t Cyber Ready... It Just Thinks It Is

Share Article