HIPAA Data Breach Costs Company Nearly $300,000 In DOJ False Claims Act Settlement

Stacy L. Cook and Iqra Mushtaq of Barnes & Thornburg LLP write:

On March 14, 2023, the U.S. Department of Justice (DOJ) announced the settlement of a case involving alleged violations of the False Claims Act (FCA) as a result of cybersecurity failures and breach of HIPAA-protected health information. Obtained under the Civil Cyber-Fraud Initiative, this settlement emphasizes that HIPAA business associates that have government contracts can face FCA penalties from federal law enforcement in addition to the monetary penalties pursued by the Office for Civil Rights, which enforces HIPAA.


The Civil Cyber-Fraud Initiative, established in October 2021, is led by the DOJ’s Civil Fraud Section and focuses on using the FCA to hold accountable entities or individuals that put U.S. information or systems at risk by knowingly failing to comply with required cybersecurity standards, misrepresenting cybersecurity controls and practices, failing to monitor cybersecurity systems, and failing to timely report cyber incidents and breaches. The DOJ announced its first settlement under the initiative on March 8, 2022.

Read more at National Law Review.

About the author: Dissent

Comments are closed.