Health care at the center of the greater United States. Fraud cases in 2021

Cybercrime , Fraud and cybercrime management , Fraud risk management

The federal government has collected $5 billion in settlements and judgments with health sector entities

Marianne Kolbasuk McGee (HealthInfoSec) •
February 2, 2022

Of the $5.6 billion obtained by the Department of Justice in civil settlements and judgments involving misrepresentation and fraud against the U.S. government in 2021, more than $5 billion — or nearly 90% — involved healthcare sector entities.

See also: Passwords: Both biotech and pharma need a new path

In a statement on Tuesday, the Justice Department says health care fraud was by far the largest source of False Claims Act settlements and judgments it collected for fiscal year 2021, which s ended on September 30, 2021.

More than $5 billion of the $5.6 billion raised in federal misrepresentations and fraud involved health sector entities, including drug and medical device manufacturers, managed care providers, hospitals, pharmacies, palliative care organizations, laboratories and doctors, according to the Department of Justice.

Additional amounts were recovered for cases involving state Medicaid programs, it says.

“Ensuring that taxpayers’ money is protected from fraud and abuse is among the department’s top priorities,” Brian Boynton, acting assistant attorney general, said in the statement. “The False Claims Act is one of the most important tools the department has at one time. to deter and hold accountable those who seek to embezzle public funds”.

Matching cases


Healthcare cases resolved last year include an array of misrepresentations and other fraud, including Medicare billing involving manipulated diagnostic codes or for unnecessary medical services, illegal bribes and COVID-19-related fraud under the Paycheck Protection Program, the Department of Justice said.


Last year, the Justice Department reached a $27 million settlement with medical device maker St. Jude Medical Inc. in a case involving allegations that the company, between November 2014 and October 2016, allegedly knowingly sold defective implantable heart devices and allegedly did not disclose serious health issues. events related to the premature draining of the battery of these devices. St. Jude Medical was acquired by Abbott Laboratories in January 2017.

Various St. Jude Medical/Abbott heart devices were also the subject of advisories from the Food and Drug Administration and the Department of Homeland Security in 2017 regarding cybersecurity, battery, and other potential safety issues (see: Abbott releases software fixes for more cardiac devices).



Another Justice Department collection last year was an $18.25 settlement with electronic health record technology provider Athenahealth Inc.


The settlement resolved allegations that the company violated the False Claims Act and the Anti-Kickback Act, including inviting customers and potential customers to “lavish all-expenses-paid events” to bolster sales.

The Justice Department alleged that as a result of the bribes, Athenahealth improperly generated sales while forcing health care providers to submit false statements to the federal government regarding the incentive program funding from the HITECH Act for the adoption and “meaningful use” of Athenahealth’s EHR technology.

The largest False Claims Act cases in the health sector in 2021 involved settlements totaling more than $600 million with prescription opioid makers including Indivior Inc., Indivior plc and Purdue Pharma, according to the Department of Health. Justice.

long standing problem

Some experts note that the health sector has been at the center of some of the government’s biggest false claims, frauds and related whistleblowers – or “qui tam” – for some time.

“Health care has been a major source of misrepresentation acts and ‘qui tam’ cases since the 1990s,” says privacy attorney Kirk Nahra of the law firm WilmerHale. “These fraud recoveries are often driven by healthcare cases – that’s been true for many years.”

In some cases, the threat of malicious insiders — including those trying to circumvent data security controls — committing fraud “is a real problem, in healthcare and in any business,” says -he.

“It’s a real security challenge. Typically, you try to cut off access, but that often doesn’t work for a wide variety of employees,” he says. For example, customer service employees often need access to a large amount of information to do their job.”

“Companies need to focus on counter-attack control. If you can’t cut off front-end access, you need to be more thoughtful, creative, and aggressive in controlling the back-end.”


Cyber ​​Fraud Initiative

The Department of Justice said its civil cyber fraud initiative launched in October 2021 will use the False Claims Act to combat new and emerging cyber threats.

As part of the initiative, the DOJ says it will prosecute “corporate misrepresentations in connection with the government’s acquisition of information technology, software, cloud storage, and related services designed to protect highly sensitive government information from cybersecurity threats and compromises” (see: US DOJ fines contractors for not reporting incidents).

Justice Department officials say the initiative “will hold accountable entities or individuals who endanger U.S. information or systems by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols , or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”

The DOJ’s pursuit of fraud and reporting failures comes amid an increase in cyberattacks targeting key sectors – including the SolarWinds breach in which Russian-linked actors compromised around 100 organizations around the world as well as nine federal agencies.

There have also been crippling ransomware attacks, including one on Colonial Pipeline, which temporarily cut off fuel supplies to the East Coast; one on meat producer JBS USA; and one on managed services provider Kaseya, in which some 1,500 downstream organizations were crypto-locked last July.

Comments are closed.