1. Home
  2. |Experience
  3. |Government Contracts
  4. |Cybersecurity and the False Claims Act

Cybersecurity and the False Claims Act

Overview

Crowell helps companies that do business with the government respond to the U.S. Department of Justice’s (DOJ) recent efforts to use the False Claims Act (FCA) in addressing alleged cybersecurity noncompliance through its Civil Cyber-Fraud Initiative. We have been at the forefront of this issue since its inception, and are one of the only firms that is a leader in all relevant practice areas: FCA investigations and litigation; Cybersecurity; and Government Contracts.

The DOJ’s Civil-Cyber Fraud Initiative

In October 2021, DOJ announced the launch of the Civil Cyber-Fraud Initiative, focused on civil enforcement against companies that fail to follow cybersecurity requirements that are increasingly a component of government contracts. As part of the Initiative, the Civil Division’s Fraud Section, which partners with the 93 U.S. Attorney’s offices across the country, is using the FCA to combat cyber threats to sensitive information and critical systems by holding accountable companies that:

  • Provide deficient cybersecurity products or services;
  • Misrepresent cybersecurity compliance; or
  • Fail to monitor and report cybersecurity incidents in accordance with contract requirements.

A Multi-disciplinary Team

Crowell’s long history of advising government contractors and a wide range of companies doing business with the government on federal and state information security issues enabled our team to step in quickly and help clients immediately respond to the Civil Cyber-Fraud Initiative. We have worked with companies in the aerospace and defense, technology, health care, and professional services industries to evaluate and upgrade their compliance efforts, as well as respond to DOJ investigations and whistleblower actions.

With attorneys whose expertise spans our FCA, Cybersecurity, and Government Contracts practices, we are able to leverage insights from all of these fields to create a distinctively comprehensive set of legal services for our government contractor clients. We have been focused on the development and implementation of federal and state information security acquisition policy for decades—a critical perspective made more valuable when this complex area became a high priority for DOJ in 2021.        

Government Experience

Crowell wields extensive government experience with federal and state contracting, cybersecurity, and the FCA on behalf of our clients. We have a deep bench of attorneys with experience as prosecutors and trial attorneys at DOJ and various U.S. Attorney’s Offices. Members of our team have served in DOJ’s Fraud Section, where they investigated and litigated a range of FCA cases; have prosecuted and defended cybercrime cases; and possess real-world experience in the areas of federal procurement and data security, including more than a decade at both the U.S. Department of Defense and the U.S. Department of Homeland Security in the Information Technology, Research & Development, and Security sectors.  

Contacts

See All Professionals

Insights

Client Alert | 3 min read | 08.26.25

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:...

View All Insights

Representative Matters

  • Represented a health care contractor in an FCA investigation conducted by DOJ’s Civil Fraud section, a U.S. Attorney’s Office, and the Offices of Inspector General for the Department of Defense. We defended our client against allegations of fraudulently certifying compliance with various cybersecurity requirements in contracts for administering federal health care programs.
  • Representing a global technology company in connection with an FCA investigation run jointly by DOJ’s Civil Fraud Section, the U.S. Attorney for the Eastern District of California, and the California Attorney General’s Office. The investigation concerns compliance with cybersecurity requirements in an $800 million government contract and related government contracts.
  • Represented the Chief Information Security Officer of a company which recently settled an FCA Civil Cyber-Fraud Initiative matter initiated by a qui tam complaint regarding the company’s compliance with a state-level cybersecurity contract.
  • Represented a space technology provider with contracts with the Department of Defense, NASA, and other federal agencies in myriad cybersecurity-related matters, including an FCA Civil Cyber-Fraud Initiative qui tam matter involving allegations that the company misrepresented its compliance with cybersecurity requirements in certain government contracts. Conducted an external cybersecurity assessment of the company’s NIST SP 800-171 and CMMC compliance.

Contacts

See All Professionals

Insights

Client Alert | 3 min read | 08.26.25

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:...

View All Insights

Professionals

View All Professionals

Insights

Client Alert | 3 min read | 08.26.25

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:...

View All Insights

Practices

Contacts

See All Professionals

Insights

Client Alert | 3 min read | 08.26.25

Hardening Software Security: DOJ’s Civil Cyber Fraud Settlements Continue to Illumina[te] the Importance of Cybersecurity

On July 31, 2025, the Department of Justice (DOJ) announced that Illumina, Inc. will pay $9.8 million to resolve allegations that it violated the False Claims Act (FCA) by selling genomic sequencing systems with software containing cybersecurity vulnerabilities to federal agencies. This is the first FCA settlement involving claims that a medical manufacturer failed to incorporate adequate product cybersecurity into its software design and development.The allegations were first made in United States ex rel. Lenore v. Illumina Inc., No. 1:23-cv-00372 (D.R.I.), a qui tam action filed by Illumina’s former Director for Platform Management, On-Market Portfolio in September 2023. The relator alleged that, between February 2016 and September 2023, Illumina knowingly sold genomic sequencing systems to government agencies without adequate security programs or quality systems to identify and address software vulnerabilities. The complaint further alleged that Illumina failed to properly resource personnel and processes responsible for product security, did not remediate design features introducing cybersecurity risks, and misrepresented the software’s adherence to required cybersecurity standards.According to the government, Illumina’s actions included:...

View All Insights