The U.S. Department of Justice (DOJ or Department) has published statistics on False Claims Act (FCA) settlements and judgments for fiscal year (FY) 2023, noting that this was the highest number of settlements and judgments in history. Of the more than $2.68 billion in FCA settlements and judgments, a substantial amount ($1.8 billion) was attributable to healthcare fraud, though this year marked a record year for procurement fraud settlements as well.

Historically, procurement fraud has generally represented less than 10 percent of the Department's FCA recoveries. Healthcare recoveries typically represent 65 percent to 90 percent of FCA recoveries, with the remainder attributable to financial, housing and other agency recoveries.

Contributing to the FY 2023 increase was one of the Department's largest procurement settlements ever – to the tune of $377 million. The settlement, reached with a large U.S. defense contractor, resolves allegations that the company violated the FCA by improperly billing commercial and international costs to its government contracts. DOJ alleged that from 2011 to 2021, the company improperly allocated indirect costs associated with its commercial and international business to its federal government contracts – even though the costs had no relationship (i.e., allocability under the Federal Acquisition Regulation (FAR) cost principles) to the U.S. government contracts. The case was brought by a whistleblower who is set to receive nearly $70 million as a portion of the government's recovery.

DOJ also highlighted two additional procurement fraud settlements: a $21.8 million settlement with a manufacturer of communications equipment for military systems and an $8.1 million settlement with a large military aircraft manufacturer. The first settlement, reached in April 2023, resolved allegations that the communications equipment manufacturer violated the FCA by submitting dozens of proposals to the U.S. Department of Defense (DOD) that included the cost of common low-cost items, such as nuts and bolts, twice. As a result, DOJ alleged that the manufacturer knowingly double-charged the government for parts.

The second settlement, reached in September 2023, resolves allegations that the aircraft manufacturer failed to comply with certain contractual manufacturing specifications in fabricating the V-22 Osprey, a tiltrotor miliary aircraft, for the U.S. Navy. DOJ alleged that the manufacturer failed to perform required monthly testing and was not in compliance with other testing requirements.

The second matter was brought by a qui tam whistleblower. Whistleblowers in the DOD segment bring approximately 60 percent of the procurement-fraud cases pursued, around 30 to 40 per year. As a percentage basis, the amount is slightly lower than in healthcare, but in count, procurement fraud qui tam cases are dwarfed by the number of healthcare qui tam suits. There were 40 procurement fraud cases brought by whistleblowers in FY 2023; by contrast, there were 348 qui tam cases brought in the healthcare space. Collectively, this was a record year for FCA suits in general, with more than 1200 suits pursued by the Department.

DOJ also reported settlements reached as a result of the Department's new Civil Cyber-Fraud Initiative, which DOJ launched in October 2021. The effort aims to harness the Department's knowledge in civil fraud enforcement, government procurement and cybersecurity to combat emerging and escalating cyber threats.

DOJ reported two settlements from FY 2023, the first with a company that provides website design and hosting services. In 2013, the company had entered into a contract with a state-created entity that receives federal Medicaid and state funds to provide health and dental insurance. DOJ alleged that the company failed to provide secure hosting of applicant personal information, leaving the website vulnerable to cyberattacks. In December 2020, more than 500,000 applications were revealed to have been hacked, potentially exposing personally identifiable information. The company agreed to pay $293,771 to resolve allegations that it failed to secure personally identifiable information on the federally funded health insurance website.

Additionally, DOJ announced a $4 million settlement reached in September 2023 with a large information technology service provider. The settlement resolved allegations that the provider failed to completely satisfy certain cybersecurity controls on federal contracts to provider-trusted internet connections with the General Services Administration. The settlement is notable in that DOJ provided substantial credit to the company for its cooperation, including identifying individuals responsible for the issues, collecting relevant documents, disclosing facts gathered during its internal investigation attributing facts to specific sources and providing assistance in determining losses. DOJ further credited the company for its swift and comprehensive remedial efforts and risk-based compliance program enhancements. The settlement multiplier was 1.5 times damages, far less than the double to triple damages typically seen in FCA settlements.

In delivering remarks regarding the new statistics at the Federal Bar Association Qui Tam Section Annual Conference, DOJ Principal Deputy Assistant Attorney General Brian Boynton noted:

The department is currently investigating many more cases involving alleged violations of cybersecurity requirements. These cases have come from a variety of sources, including from whistleblowers and from companies making voluntary disclosures.

We continue to encourage companies to take advantage of the government's False Claims Act cooperation policy. It offers companies an opportunity to mitigate their potential liability. It also is the right thing to do for our security.

In partnership with agency inspectors general (IGs), we will continue to dedicate resources to investigating companies that fail to comply with their cybersecurity obligations. We expect these cases to continue to be a significant area of enforcement in the coming years.

DOD Inspector General Robert Storch echoed the focus on cybersecurity fraud in his remarks the following day.

If FY 2023 is any indicator of the future, we will see more procurement fraud cases, in both count and quantity in the coming years: Larger settlements in one segment tend to lead to increases in larger settlements across the segment – a trend often seen in healthcare recoveries where large settlements are now commonplace – and larger settlements tend to lead to awareness of issues and increases in qui tam suits across the segment.