Category: US Department of Justice

Source: United States Department of Justice

Note: View the settlement agreement here. 

Health Net Federal Services Inc. (HNFS) of Rancho Cordova, California and its corporate parent, St. Louis-based Centene Corporation, have agreed to pay $11,253,400 to resolve claims that HNFS falsely certified compliance with cybersecurity requirements in a contract with the U.S. Department of Defense (DoD) to administer the Defense Health Agency’s (DHA) TRICARE health benefits program for servicemembers and their families. In 2016, Centene acquired all of the issued and outstanding shares of Health Net Inc., HNFS’s corporate parent, and assumed the liabilities of HNFS.

“Companies that hold sensitive government information, including sensitive information of the nation’s servicemembers and their families, must meet their contractual obligations to protect it,” said Acting Assistant Attorney General Brett A. Shumate, head of the Justice Department’s Civil Division. “We will continue to pursue knowing violations of cybersecurity requirements by federal contractors and grantees to protect Americans’ privacy and economic and national security.”

“Safeguarding sensitive government information, particularly when it relates to the health and well-being of millions of service members and their families, is of paramount importance,” said Acting U.S. Attorney Michele Beckwith for the Eastern District of California. “When HNFS failed to uphold its cybersecurity obligations, it didn’t just breach its contract with the government, it breached its duty to the people who sacrifice so much in defense of our nation.”

“This settlement reflects the significance of protecting TRICARE, and the service members and their families who depend on the health care program, from risks of exploitation,” said Cyber Field Office Special Agent in Charge Kenneth DeChellis of the Defense Criminal Investigative Service (DCIS), the law enforcement arm of the DoD Office of Inspector General. “DCIS will not be deterred from investigating contractors that fail to comply with federal cybersecurity requirements and risk exposing protected information vulnerable to criminal hackers. The U.S. taxpayers who fund these government contracts expect no less.”

The settlement resolves allegations that, between 2015 and 2018, HNFS failed to meet certain cybersecurity controls and falsely certified compliance with them in annual reports to DHA that were required under its contract to administer the TRICARE program. The United States alleged that HNFS failed to timely scan for known vulnerabilities and to remedy security flaws on its networks and systems, in accordance with its System Security Plan and the response times HNFS had established. Furthermore, the United States alleged HNFS ignored reports from third-party security auditors and its internal audit department of cybersecurity risks on HNFS’ networks and systems related to asset management; access controls; configuration settings; firewalls; end-of-life hardware and software in use; patch management (i.e., installing critical security updates released by vendors to counter known threats); vulnerability scanning; and password policies.

The Civil Division’s Commercial Litigation Branch (Fraud Section) and the U.S. Attorney’s Office for the Eastern District of California handled the matter, with assistance from DoD’s Office of Inspector General, including the DCIS, Cyber Field Office Western Region and the Inspector General’s Office of Audits, Cyberspace Operations Directorate, and DoD’s Defense Contract Management Agency, Defense Industrial Base Cybersecurity Assessment Center.

Trial Attorneys Christopher Wilson, Laura Hill, and Jonathan Thrope of the Civil Division’s Fraud Section and Assistant U.S. Attorney Steven Tennyson for the Eastern District of California represented the United States in this matter.

The claims asserted against defendants are allegations only; there has been no determination of liability.

Source: United States Department of Justice Criminal Division

On Jan. 31, a court in Miami entered the final in a series of consent decrees, permanently barring 10 individuals and entities from operating a scheme to steal funds from thousands of bank accounts belonging to consumers and small businesses across the United States.

In a civil complaint unsealed on Dec. 11, 2023, the Justice Department alleged that a network of individuals and their companies, including defendants Farhan Khan, Jeremy Todd Briley, Christopher Foufas, Brandon Hahn, and Melinda Petit-Homme, participated in a scheme to steal millions of dollars from consumers and small businesses by making recurring unauthorized charges against their bank accounts.

The defendants allegedly used sham companies, including Altitude Processing Inc., which does business as Clear Marketing Agency, to cover their tracks and make the unauthorized charges appear legitimate. The defendants also allegedly took elaborate steps to portray the sham companies as legitimate businesses that provided online marketing services, creating bogus websites for the sham companies, fake customer authorizations for the charges, and a “customer service” call center to field complaints and offer refunds. The government alleged that, in reality, victims of the scheme never signed up for — or received — any services from the defendants.

“These consent decrees are the hard-won result of the Department’s efforts to eradicate schemes that prey upon consumers and small businesses across the United States,” said Acting Assistant Attorney General Brett Shumate of the Justice Department’s Civil Division. “The Department is committed to using all the tools at its disposal to block fraudsters from reaching into victims’ bank accounts and draining their savings through repeated unauthorized charges.”

“The U.S. Postal Inspection Service will relentlessly pursue any and everyone masquerading as legitimate businesses to fraudulently steal money from unsuspecting consumers,” said Inspector in Charge Eric Shen of the Postal Inspection Service’s Criminal Investigations Group. “Postal inspectors work diligently to investigate fraud scams and educate the public about how to protect their money from criminals.”

Under the consent decrees, the defendants may not charge consumers without authorization. The consent decrees also prevent the defendants from taking any measures to: (a) evade fraud and risk monitoring programs established by any financial institution, payment processor, or the operator of any payment system; (b) disguise the nature of transactions; or (c) artificially reduce chargeback rates. They are further prohibited from assisting any other individuals or entities with taking any of the prohibited actions. The consent decrees do not constitute an admission of guilt on behalf of the defendants.

The United States Postal Inspection Service investigated the case.

Trial Attorneys Carolyn Rice and Meredith Reiter of the Civil Division’s Consumer Protection Branch represented the government in this matter. The U.S. Attorney’s Office for the Southern District of Florida provided substantial assistance.

For more information about the Consumer Protection Branch and its enforcement efforts, visit its website at www.justice.gov/civil/consumer-protection-branch.

Source: United States Department of Justice

Today, Attorney General Pamela Bondi toured the Port of Tampa Bay – the largest port in Florida – and received a briefing from the Port’s CEO, Paul Anderson.

Attorney General Bondi and Port Leadership discussed the Port’s important role in safeguarding Floridians and the American people as a key port of entry into this US. They also discussed the vital role that government plays in helping protect national security at ports.

Other topics discussed included Port Tampa Bay’s advancements in protecting against foreign threats to physical and cyber security infrastructure, securing the Panama Canal, and ongoing coordination with the American Association of Port Authorities (AAPA) and the Coalition for America’s Gateways and Trade Corridors (CAGTC).

Attorney General Bondi closed the briefing by thanking all in attendance for their important work on protecting the American people, safeguarding our national security, and encouraging the flow of commerce.

Attorney General Bondi concluded by stating “Our ports are often the first line of defense in protecting Americans from national security threats like human trafficking, drug smuggling, and cybercrime. It was an honor to spend time with Paul Anderson and his team, who are collaborating closely with government partners and doing incredible work to protect Floridians and our Nation in my hometown of Tampa.”

Participants:

Paul Anderson, President and CEO of Port Tampa Bay

Charles Klug, Principal Counsel of Port Tampa Bay

Ken Washington, Vice President and Chief Information Officer of Port Tampa Bay

Mark Dubina, Vice President of Security of Port Tampa Bay

Laura Lenhart, Vice President of Government Affairs of Port Tampa Bay

Sue Bai, Assistant Deputy Attorney General for National Security

Catharine Cypher, Deputy Chief of Staff, Department of Justice

Source: United States Department of Justice Criminal Division

SVCMC Inc., formerly known as Saint Vincents Catholic Medical Centers of New York (Saint Vincent), has agreed to pay $29 million to resolve allegations that it violated the False Claims Act by knowingly retaining erroneously inflated payments received from the Department of Defense for healthcare services provided to retired military members and their families.

Saint Vincent is one of six health plans participating in the Uniformed Services Family Health Plan (USFHP) program, which is a federal health insurance program funded by the Defense Health Agency (DHA), a component of the Department of Defense. Under the USFHP program, DHA pays Saint Vincent capitated rates to provide healthcare services to military personnel, retirees, and their families. The complaint alleged that, in 2012, Saint Vincent learned that errors had been made in the calculation of the capitated rates resulting in substantial overpayments to Saint Vincent and the other five USFHP plans over the preceding four years. According to the government’s complaint, instead of notifying the government of the overpayments or repaying the funds, Saint Vincent, along with the other five USFHP plans, took steps to conceal the existence of the overpayments from DHA, continued to submit invoices at the inflated payment rates, and conspired to avoid paying the money back. Today’s settlement resolves the government’s claims against Saint Vincent.

“Those who receive public funds, including participants in government health care programs, must return funds to which they are not entitled,” said Acting Assistant Attorney General Brett A. Shumate, head of the Justice Department’s Civil Division. “Together with our partners across the federal government, we will hold accountable those who knowingly violate this obligation to the American taxpayers.”

“I want to thank the Justice Department for resolving this case on behalf of TRICARE and the Defense Health Agency,” said Dr. David C. Krulak, Director, TRICARE Health Plan, DHA. “Providing excellent health care to our 9.5 million beneficiaries worldwide is essential to maintaining force readiness and keeping our promise to our family members and retirees, while being good stewards of taxpayer dollars at the same time.”

The civil settlement resolves claims brought under the qui tam or whistleblower provisions of the False Claims Act by Jane Rollinson and Daniel Gregorie in the District of Maine. From 2007 to 2015, Ms. Rollinson worked at Martin’s Point Health Care, one of the health plans participating in the USFHP program, including as its Interim Chief Financial Officer. Mr. Gregorie was a consultant to the CEO and Board of Martin’s Point Health Care and later served on its Board of Trustees. Under the False Claims Act’s qui tam provisions, a private party can file an action on behalf of the United States and receive a portion of any recovery. The United States may intervene and proceed with the case, as it did here. The qui tam case is captioned United States ex rel. Rollinson v. Martin’s Point Health Care, Inc., No. 2:16-cv-00447-NT (D. Me.). As part of today’s settlement, Ms. Rollinson and Mr. Gregorie will receive $5.655 million. The United States is continuing to pursue the remaining claims in this case.

The resolution of this matter was the result of a coordinated effort between the Civil Division’s Commercial Litigation Branch (Fraud Section) and the U.S. Attorney’s Office for the District of Maine, with assistance from the DHA.

The investigation and resolution of this matter illustrates the government’s emphasis on combating healthcare fraud. One of the most powerful tools in this effort is the False Claims Act. Tips and complaints from all sources about potential fraud, waste, abuse, and mismanagement, can be reported to the Department of Health and Human Services at 800-HHS-TIPS (800-447-8477).

The matter was handled by Fraud Section Attorneys Diana Cieslak and Evan Ballan and Assistant U.S. Attorneys Andrew Lizotte and Sheila Sawyer for the District of Maine.

The claims resolved by the settlement are allegations only and there has been no determination of liability.

Source: United States Department of Justice Criminal Division

A Nevada woman pleaded guilty yesterday to conspiring to defraud the United States by making claims for refunds of false COVID-19 related employment tax credits.

According to court documents and statements made in court, Candies Goode-McCoy, of Las Vegas, conspired with others to file tax returns seeking fraudulent refunds based on the employee retention credit (ERC) and paid sick and family leave credit. From around June 2022 through September 2023, McCoy filed approximately 1,227 false tax returns for her businesses and others claiming these refundable credits.

In total, these claims sought refunds of over $98 million, of which the IRS paid approximately $33 million. McCoy personally received over $1.3 million in fraudulent refunds and was paid about $800,000 from those on whose behalf she filed fraudulent returns. McCoy knew that these returns were fraudulent. Neither she nor the others for whom she filed them were eligible to receive the refundable credits in the amounts claimed. McCoy used the proceeds for her personal benefit, including the purchase of luxury cars, gambling at casinos, vacations and other luxury goods.

In response to the COVID-19 pandemic and its economic impact, Congress authorized the ERC for small businesses to reduce the employment tax owed to the IRS. Congress also authorized the IRS to give a credit against employment taxes to reimburse businesses for the wages paid to employees who were on sick or family leave and could not work because of COVID-19. This credit was equal to the wages the business paid the employees during the sick or family leave, subject to a maximum amount.

McCoy is scheduled to be sentenced on Feb. 23, 2026. She faces a maximum penalty of 10 years in prison as well as a period of supervised release, restitution and monetary penalties. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

Acting Deputy Assistant Attorney General Karen E. Kelly of the Justice Department’s Tax Division and Acting U.S. Attorney Sue Fahami for the District of Nevada made the announcement.

IRS Criminal Investigation and the Treasury Inspector General for Tax Administration are investigating the case.

Trial Attorney John C. Gerardi of the Tax Division and Assistant U.S. Attorney Richard Anthony Lopez for the District of Nevada are prosecuting the case.