Health care at the center of the biggest United States fraud cases in 2021


The federal government has collected $5 billion in settlements and judgments with health sector entities

Marianne Kolbasuk McGee (HealthInfoSec) • February 2, 2022

Of the $5.6 billion obtained by the Department of Justice in civil settlements and judgments involving misrepresentation and fraud against the US government in 2021, more than $5 billion – or almost 90% – involved healthcare entities.


In a statement released on Tuesday, the Justice Department says health care fraud was by far the biggest source of False Claims Act settlements and judgments it collected for the 2021 fiscal year, which ended September 30, 2021.

More than $5 billion of the $5.6 billion recovered in federal misrepresentation and fraud cases involved health sector entities, including drug and medical device manufacturers, managed care providers, hospitals, pharmacies, palliative care organizations, laboratories and doctors, according to the Department of Justice.

Additional amounts were recovered for cases involving state Medicaid programs, it says.

“Ensuring that taxpayers’ money is protected from fraud and abuse is among the department’s top priorities,” Brian Boynton, acting assistant attorney general, said in the statement. “The False Claims Act is one of the most important tools the department has to deter and hold accountable those who seek to embezzle public funds.”

Matching cases

Healthcare cases resolved last year involved a series of misrepresentations and other fraud, including Medicare billing involving manipulated diagnostic codes or for unnecessary medical services, illegal bribes and COVID-19 fraud related to the Paycheck Protection Program, according to the Department of Justice.

Last year, the Department of Justice struck a $27 million deal with medical device manufacturer St. Jude Medical Inc. in a case involving allegations that the company, between November 2014 and October 2016, knowingly sold defective implantable heart devices and failed to disclose serious adverse health events related to the premature battery drain of these devices. St. Jude Medical was acquired by Abbott Laboratories in January 2017.

Various St. Jude Medical/Abbott heart devices were also the subject of advisories from the Food and Drug Administration and the Department of Homeland Security in 2017 regarding cybersecurity, battery, and other potential safety issues (see: Abbott releases software fixes for more cardiac devices).

Another Justice Department collection last year was an $18.25 million settlement with electronic health record technology provider Athenahealth Inc.

This settlement resolved allegations that the company violated the False Claims Act and the Anti-Kickback Act, including inviting customers and potential customers to “lavish all-expenses-paid events” to boost sales.

The Justice Department alleged that as a result of the bribes, Athenahealth improperly generated sales while forcing health care providers to submit false statements to the federal government regarding the HITECH Act financial incentive program for the adoption and “meaningful use” of Athenahealth’s EHR technology.

The largest False Claims Act cases in the health sector in 2021 involved settlements totaling more than $600 million with prescription opioid makers including Indivior Inc., Indivior plc and Purdue Pharma, according to the Department of Justice.

Long-standing problem

Some experts note that the health sector has been at the center of some of the government’s biggest false claims, fraud and related whistleblower – or “qui tam” – cases for some time.

“Health care has been a major source of false claims and ‘qui tam’ cases since the 1990s,” said privacy attorney Kirk Nahra of the law firm WilmerHale. “These fraud recoveries are often driven by healthcare cases – that’s been true for many years.”

In some cases, the threat of malicious insiders — including those trying to circumvent data security controls — committing fraud “is a real problem, in healthcare and in any business,” he says.

“It’s a real security challenge. Typically you’re trying to cut access, but that often doesn’t work for a wide variety of employees,” he says. For example, customer service employees often need access to a large amount of information to do their jobs.

“Companies need to focus on counter-attack control. If you can’t cut off front-end access, you need to be more thoughtful, creative, and aggressive in controlling the back-end.”

Cyber Fraud Initiative

The Department of Justice says its Civil Cyber Fraud Initiative launched in October 2021 will use the False Claims Act to combat new and emerging cyber threats.

According to the DOJ, as part of this initiative, it will prosecute “corporate misrepresentations in connection with the government’s acquisition of information technology, software, cloud-based storage and related services designed to protect highly sensitive government information from cybersecurity threats and compromises” (see: US DOJ fines contractors for not reporting incidents).

Justice Department officials say the initiative “will hold accountable entities or individuals who endanger U.S. information or systems by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating the obligations to monitor and report cybersecurity incidents and shortcomings.”

The DOJ’s pursuit of fraud and reporting failures comes amid an increase in cyberattacks targeting key sectors – including the SolarWinds breach in which Russian-linked actors compromised around 100 organizations around the world as well as nine federal agencies.

There have also been crippling ransomware attacks, including one on Colonial Pipeline, which temporarily cut off fuel supplies to the East Coast; one on meat producer JBS USA; and one on managed services provider Kaseya, in which some 1,500 downstream organizations were crypto-locked last July.
