Cybersecurity and the False Claims Act
Overview
Crowell helps companies that do business with the government respond to the U.S. Department of Justice’s (DOJ) recent efforts to use the False Claims Act (FCA) in addressing alleged cybersecurity noncompliance through its Civil Cyber-Fraud Initiative. We have been at the forefront of this issue since its inception, and are one of the only firms that is a leader in all relevant practice areas: FCA investigations and litigation; Cybersecurity; and Government Contracts.
Insights
Client Alert | 3 min read | 08.26.25
On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:
Firm News | 11 min read | 06.05.25
Client Alert | 2 min read | 06.26.24
Another One: It Pays to Consult the DOJ under the Civil Cyber Fraud Initiative
Client Alert | 3 min read | 05.07.24
Representative Matters
- Represented a health care contractor in an FCA investigation conducted by DOJ’s Civil Fraud section, a U.S. Attorney’s Office, and the Offices of Inspector General for the Department of Defense. We defended our client against allegations of fraudulently certifying compliance with various cybersecurity requirements in contracts for administering federal health care programs.
- Representing a global technology company in connection with an FCA investigation run jointly by DOJ’s Civil Fraud Section, the U.S. Attorney for the Eastern District of California, and the California Attorney General’s Office. The investigation concerns compliance with cybersecurity requirements in an $800 million government contract and related government contracts.
- Represented the Chief Information Security Officer of a company which recently settled an FCA Civil Cyber-Fraud Initiative matter initiated by a qui tam complaint regarding the company’s compliance with a state-level cybersecurity contract.
- Represented a space technology provider with contracts with the Department of Defense, NASA, and other federal agencies in myriad cybersecurity-related matters, including an FCA Civil Cyber-Fraud Initiative qui tam matter involving allegations that the company misrepresented its compliance with cybersecurity requirements in certain government contracts. Conducted an external cybersecurity assessment of the company’s NIST SP 800-171 and CMMC compliance.
Insights
Client Alert | 3 min read | 08.26.25
On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:
Firm News | 11 min read | 06.05.25
Client Alert | 2 min read | 06.26.24
Another One: It Pays to Consult the DOJ under the Civil Cyber Fraud Initiative
Client Alert | 3 min read | 05.07.24
Insights
Professionals
Insights
Client Alert | 3 min read | 08.26.25
On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:
Firm News | 11 min read | 06.05.25
Client Alert | 2 min read | 06.26.24
Another One: It Pays to Consult the DOJ under the Civil Cyber Fraud Initiative
Client Alert | 3 min read | 05.07.24
Insights
Client Alert | 3 min read | 08.26.25
On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:
Firm News | 11 min read | 06.05.25
Client Alert | 2 min read | 06.26.24
Another One: It Pays to Consult the DOJ under the Civil Cyber Fraud Initiative
Client Alert | 3 min read | 05.07.24