
The False Claims Act and cybersecurity: Are third-party vendors putting you at risk?

Introduction

A government supplier law written over a century ago may seem outdated in the digital age, but it may be putting your company at risk. Recent court rulings related to the 1863 False Claims Act have broad ramifications for cybersecurity, and your organization needs to understand how it may be impacted.

What is the False Claims Act?

Enacted before the electric bulb and the telephone were invented, the False Claims Act is a whistleblower law allowing any individual to sue a person or entity defrauding the government. The plaintiff can recover damages on behalf of the government and receive a percentage of the settlement as a result. The law also protects the plaintiff from retaliation by the defendant, including being fired from the job.

President Lincoln was highly in favor of the law, whose purpose at the time was to fight fraud by vendors selling supplies to the Union Army during the Civil War. The act contains a provision called “qui tam,” a short version of a Latin phrase that translates roughly as “he who brings an action for the king as well as for himself.”

The liabilities under the law fall in three general categories:

  • Presenting a false claim for payment
  • Using a false statement for getting a claim paid
  • Reversing false claims

The US Congress revised the act in 1943, making lawsuits less appealing by reducing the damages that could be awarded. But it reverted to the original provision in the 1980s to encourage more whistleblowers to spend their own money to investigate fraud against the government.

Reportedly, more than 13,000 qui tam cases have been filed in the last two-plus decades, enabling federal and state agencies to recover more than $55 billion in settlements and fines. In FY2019 alone, the total was more (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Infosec. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/7HM44VB01RE/