DOJ Announces New Guidance Tackling Ransomware Attacks

A memo released by the Department of Justice was announced by Deputy Attorney General Lisa O. Monaco. The memo outlines the launch of the Civil Cyber-Fraud Initiative. It will leverage the existing mission and expertise that the agency has in civil fraud matters and cybersecurity to defend against new cyber threats that can compromise sensitive information on systems by expanding the scope of the False Claims Act’s civil fraud and whistleblower requirements to companies or individuals that receive federal funds. The existing False Claims act is used to “redress false claims for federal funds and property involving government programs and operations.”

The goal of the initiative is to hold companies and individuals accountable if they engage in risky behaviors or security practices that can provide insufficient protections for cybersecurity products or services or violate reporting obligations if there is a security incident or data breach. Some other claimed benefits are to build broad resiliency across the government and its partners, support expert’s efforts to identify and publicize patches or new vulnerabilities and improve the overall cybersecurity practices to benefit the government and the public.

Under the new initiative, if a contractor or recipient cannot demonstrate that they took reasonable measures and performed due diligence to protect the sensitive information, especially in cases where a data breach or security incident is not reported, the violator will be subject to charges of fraud under the False Claims Act by the U.S. Government. This will likely push those that do business with the government to reassess their current control measures and reporting mechanisms to ensure they are shielded against being charged under this initiative.

Please see below for more information:

Featured Posts