The U.S. Department of Justice (DOJ) announced last Wednesday that settlements and judgments under the False Claims Act (FCA) exceeded $2.9 billion in fiscal year 2024—up approximately 5% from last year. DOJ’s announcement underscores its commitment to FCA enforcement, particularly in the healthcare industry and now with increased activity in the areas of pandemic relief programs, military procurement, and cybersecurity. Below is a detailed summary of the key takeaways from DOJ’s press release, along with our key insights as companies try to anticipate what lies ahead.
Record-Breaking Qui Tam Actions
- Highest Number of Qui Tam Lawsuits: Fiscal year 2024 was record-breaking for qui tam actions. Whistleblowers filed 979 such lawsuits, the highest number in a single year, which is particularly notable given that the constitutionality of FCA qui tam enforcement is currently hanging in the balance after a district judge declared the mechanism unconstitutional, setting up a potential Supreme Court showdown in the years ahead.
- Whistleblower Contributions: Over $2.4 billion of the total recoveries arose from qui tam actions, with whistleblowers receiving more than $400 million in relator shares.
Key Enforcement Priorities
DOJ identified the following as top targets of its enforcement efforts:
- Healthcare fraud
- Fraud in pandemic relief programs
- Violations of cybersecurity requirements in government contracts and grants.
- Military procurement fraud
Healthcare Fraud
Over $1.67 billion was recovered in settlements and judgments from the healthcare industry, signaling that the healthcare sector remains a key enforcement area under the FCA.
- Opioid Epidemic. DOJ maintained its commitment to holding healthcare providers, pharmaceutical companies, and pharmacies accountable for their role in the opioid crisis. For example, federal officials noted that a pharmaceutical company agreed to a multimillion-dollar claim in bankruptcy to resolve allegations related to the marketing of an opioid drug, while a drugstore chain also agreed to a multimillion-dollar claim in bankruptcy for dispensing unlawful prescriptions. Such enforcement seems poised to continue, as DOJ has recently filed complaints against well-known pharmacy store chains alleging that they knowingly filled large quantities of opioid prescriptions that lacked a medical purpose.
- Other Priority Areas. As in prior years, the government continues to pursue cases alleging false claims resulting from medically unnecessary services and substandard care, as well as from unlawful kickbacks and Stark Law violations. The Medicare Advantage program also continues to be an area of critical importance in FCA enforcement. More recently, a healthcare system paid several hundred million dollars to settle allegations in violation of the Stark Law.
Pandemic-Related Fraud
In fiscal year 2024, DOJ secured over 250 FCA settlements and judgments, totaling more than $250 million in pandemic-related fraud recoveries, for improper payments under the Paycheck Protection Program (PPP) and other COVID-19 relief programs—highlighting DOJ’s commitment to ensuring that emergency funds are used appropriately. A financial technology company, for example, agreed to a hundred million dollar claim in bankruptcy for submitting false claims for PPP loan forgiveness.
Cybersecurity Compliance
Since 2021, DOJ has made an effort to use the FCA to ensure that government contractors and grantees adhere to cybersecurity requirements under what the Department calls its Civil Cyber-Fraud Initiative. While the Initiative has resulted in fewer than 10 settlements to date, the more recent cases underscore that data breaches involving government contracts can lead to FCA liability. DOJ highlighted that it reached a multimillion-dollar settlement with two consulting companies to resolve allegations of failing to meet cybersecurity requirements in a federal grant contract for a state rental assistance program, leading to a data breach. An IT service management company also paid a few million dollars to resolve allegations that it failed to implement adequate cybersecurity measures to protect health information during Covid-19 contact tracing. Additionally, DOJ filed suit against a university and settled with another university for alleged non-compliance with cybersecurity requirements, underscoring the importance of such compliance for academic institutions that handle sensitive government data. This is an area that Ropes & Gray’s cross-practice higher education team is monitoring closely.
Military Procurement Fraud
DOJ continued to address fraud in military procurement, which it stated not only wastes government funds but also risks depriving servicemembers of essential resources. For example, Austal USA LLC paid $811,259 for supplying non-compliant valves, and Insect Shield LLC is facing allegations of falsifying insect repellant test results for Army Combat Uniforms. Given the significant amount of federal spending in this area—according to the U.S. Government Accountability Office, the federal government committed about $456 billion in Department of Defense (DOD) government contracts in fiscal year 2023 alone—and given DOJ’s renewed attention to military procurement fraud, we can expect DOD-related enforcement to pick up again in the coming years.
Key Insights
- Emphasis on Cooperation Credit. DOJ made a point of underscoring that it incentivizes and rewards entities and individuals that self-disclose misconduct, cooperate during investigations, and take effective remedial measures, often resulting in reduced penalties or damages multiples. Over the past year, DOJ stated that in reaching resolutions, it gave cooperation credit to those who self-disclosed, assisted in determining government losses, or implemented corrective actions (e.g., tracking system enhancements or employee terminations). We are encouraged by DOJ’s stated commitment to rewarding cooperation and hope to see further evidence of this commitment in the form of settlements at significant discounts—discounts that are commensurate with the presumption of declination available in criminal matters pursuant to the Safe Harbor Policy for Voluntary Self-Disclosures Made in Connection with Mergers and Acquisitions DOJ announced in October 2023.
- Whistleblower Suits: Abundant Despite Constitutional Challenges. The record-breaking number of qui tam actions this year is particularly interesting in light of a brewing debate over the constitutionality of such actions. In U.S. ex rel. Zafirov v. Florida Medical Associates, LLC, et al., No. 8:19-CV-01236-KKM-SPF, 2024 WL 4349242 (M.D. Fla. Sept. 30, 2024), a federal judge in Florida ruled that the qui tam enforcement mechanism of the FCA is unconstitutional on the ground that a qui tam relator qualifies as an “Officer” of the executive branch who is “improperly appointed” in violation of the Appointments Clause of Article II of the Constitution. The ruling is currently on appeal in the Eleventh Circuit and may be headed to the Supreme Court, where three Justices already have expressed openness to considering whether the FCA’s qui tam provisions may be “inconsistent” with Article II. See our recent Alert on this case.
- No Mention of Private Equity Sponsors or Other Investors. Last year, Principal Deputy Assistant Attorney General Brian M. Boynton expressed a renewed commitment to pursuing FCA claims against private equity investors when they cause their portfolio companies’ submissions of false claims. This year’s release makes no mention of private equity or venture capital, likely because the government has not yet reached any resolutions worth highlighting—perhaps a sign that establishing investor liability under the FCA is easier said than done. We have, however, seen a sharp uptick in qui tam cases in which relators have named the private equity sponsor as a defendant. Moreover, companies that invest in the healthcare space should be especially attentive since we’ve still seen an uptick in claims filed, Civil Investigative Demands issued, and investigations opened against private equity sponsors of healthcare companies over the past year. Investors therefore should continue to be thorough in their diligence of portfolio companies to assess FCA risks and should be mindful that active involvement in their portfolio companies’ operations post-transaction can open the door to potential FCA liability.
- Expect More in the Cybersecurity Arena. While DOJ’s focus on cybersecurity comes as no surprise, we may see an increase in enforcement efforts given DOJ’s continued emphasis on recent claims and settlements in the space—and given statements DOJ officials have made in recent months indicating that there are more cybersecurity cases in its pipeline. We can expect DOJ and the relator’s bar to be closely monitoring data breaches and considering whether government contractors are in compliance with their cybersecurity requirements. Ropes & Gray has offered practical considerations for government contractors following DOJ’s recent cyber-fraud initiative settlements (see here).
Conclusion
As the government continues to tout the significance of its FCA judgments and settlements, it’s important for clients to proactively involve counsel in any area where FCA enforcement is prevalent—and particularly in the areas DOJ highlighted in its fiscal year 2024 press release.
