On August 1, Cisco Systems reached a multi-state settlement agreement to resolve what is believed to be the first cybersecurity False Claims Act litigation brought as a result of an internal whistleblower complaint. The litigation, spearheaded by the New York Attorney General, together with eighteen other Attorney Generals, took more than eight years to wind itself through the court system. The whistleblower worked for Cisco’s European division, and discovered and reported security issues on more than one occasion. According to court filings, Cisco failed to act on the information the whistleblower provided for at least two years and not until the states began investigating the validity of the whistleblower’s complaint. Under the settlement, Cisco pays $8.6 million, and the states will receive $6 million of that amount. The whistleblower will receive approximately $1.7 million.
The Cisco settlement comes on the heels of the Department of Justice’s (DOJ) recent settlement with IBM in June. In that matter, IBM agreed to pay $14.8 million to settle their False Claims Act allegations. The IBM matter involved what the DOJ called “material misrepresentations” to the State of Maryland regarding software and services capabilities that led to a multi-year contract for IBM. Both the U.S. Attorney and the Officer of the Inspector General for Health and Human Services weighed in on the matter:
“When companies misrepresent their products and capabilities in order to win government contracts, they enrich themselves at taxpayers’ expense,” said U.S. Attorney Robert K. Hur. “Today’s resolution demonstrates our continuing commitments to hold companies accountable for their actions.”
“Companies are expected to be candid about products, skills and abilities during contract negotiations,” said Maureen R. Dixon, Special Agent in Charge for the Department of Health and Human Services, Office of the Inspector General. “We will continue to work with the U.S. Department of Justice to ensure taxpayer dollars are only spent for honest, high quality health care products and services.”
Expect to see a spike in whistleblower complaints given the Cisco and IBM outcomes. Jacqueline Peterson, who leads Weaver’s anti-corruption, compliance and ethics team and who defended a Fortune 9 company on multiple False Claims Act cases, can help assess the effectiveness of your compliance program and help implement changes to address any identified issues. Additionally, Weaver’s IT Advisory Services team, including Brian Thomas and Trip Hillman, can provide technical guidance and experience related to cybersecurity matters.
Weaver professionals also develop technical procedures to assess cyber risk, such as vulnerability assessments and penetration testing, as well as help organizations evaluate their holistic cybersecurity posture and develop roadmaps to achieve their target maturity level. Contact us to discover how Weaver's team can help your company.
Authored by Jacqueline Peterson.