Category: US Department of Justice

Source: United States Department of Justice Criminal Division

Assistant Attorney General Jonathan Kanter of the Justice Department’s Antitrust Division released the following statement after UnitedHealth Group abandoned its proposed acquisitions of Stewardship Health Inc. and a related company following scrutiny from the Antitrust Division.

“When you ask Americans what keeps them up at night, affording and accessing quality health care is too often at the top of their list. These transactions are among UnitedHealth Group’s latest proposed provider-related acquisitions, and they raised questions about quality of care, cost of care and working conditions for doctors, nurses and other healthcare providers. I am grateful for the Antitrust Division’s lawyers, economists, paralegals and professional staff who are tireless in their commitment to identify and address pressing antitrust problems in healthcare markets.”

Source: United States Department of Justice Criminal Division

On July 18, the U.S. District Court for the District of Maryland entered default judgments for the United States totaling $26,341,951.38 against Patrick Britton-Harr and multiple laboratory companies owned by him for violations of the False Claims Act. The court entered these judgments after Britton-Harr and his companies failed to defend against the United States’ allegations.

In its complaint, filed on July 18, 2023, the United States alleged that Patrick Britton-Harr owned and operated Provista Health, LLC as well as multiple other corporate entities that sought to profit from the unfolding COVID-19 pandemic by offering COVID-19 tests to nursing homes as a way to bill Medicare for a wide array of medically unnecessary respiratory pathogen panel (RPP) tests. The complaint alleged that these RPP tests were not medically necessary because the beneficiaries had no symptoms of a respiratory illness and because the tests were for uncommon respiratory pathogens.

The complaint also alleged that Britton-Harr and Provista Health submitted claims for RPP tests that were never ordered by physicians and sometimes for RPP tests that were never performed, including over 300 claims that stated that the nasal swab test sample was supposedly collected from the beneficiary on a date after the beneficiary had died. 

Also on July 18, 2023, the United States filed an application for prejudgment remedies under the Federal Debt Collection Procedures Act seeking to attach and garnish certain financial assets of Britton-Harr and to obtain financial discovery from him to help ensure funds would be available to satisfy a judgment in favor of the United States. Despite a court order prohibiting Britton-Harr from selling his house in Annapolis without approval from the court, he sold the house on Sept. 23, 2023, for $575,000 and dissipated the financial proceeds from the sale. On March 4, the court granted the United States’ motion to hold Britton-Harr in civil contempt for violating this order and ordered him to deposit $575,000 with the court’s registry.

“The Justice Department remains committed to holding accountable individuals and entities who took advantage of the COVID-19 pandemic to defraud the American taxpayers,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “We will continue to pursue those who attempt to thwart justice by ignoring lawsuits, dissipating assets and violating court orders.”

“The exploitation of federal health care programs designed to help the elderly and disabled during a national crisis is absolutely inexcusable,” said U.S. Attorney Erek L. Barron for the District of Maryland. “Regardless their methods, we will hold accountable those who defraud such programs for personal gain.” 

“It’s clear that Patrick Britton-Harr thought he could defraud the government by taking advantage of a global pandemic and never face the consequences. The extent of his fraud and abuse is astounding. He took critical resources away from our healthcare system and cost taxpayers their hard-earned money,” said Special Agent in Charge William J. DelBagno of the FBI Baltimore Field Office. “This investigation proves the FBI and our federal partners will continue to investigate and bring fraudsters like Britton-Harr to justice no matter how long it takes.”

“Taking advantage of Medicare beneficiaries and the COVID-19 pandemic to line companies’ pockets is unacceptable,” said Special Agent in Charge Maureen Dixon of the Department of Health and Human Services Office of the Inspector General (HHS-OIG). “HHS-OIG, the Justice Department and our other law enforcement partners work tirelessly to ensure that only legitimate products and services actually provided will be paid for by federal health insurance programs.”

The United States’ pursuit of this lawsuit illustrates the government’s emphasis on combating healthcare fraud. One of the most powerful tools in this effort is the False Claims Act. Tips and complaints from all sources about potential fraud, waste, abuse and mismanagement can be reported to HHS at 800‑HHS‑TIPS (800-447-8477).  

The Civil Division’s Commercial Litigation Branch, Fraud Section, and the U.S. Attorney’s Office for the District of Maryland handled the matter.

HHS-OIG and the FBI are providing investigative support.

Trial Attorneys Jonathan Hoerner and Vincent Vaccarella of the Civil Division’s Fraud Section and Assistant U.S. Attorney/Deputy Civil Chief Tarra DeShields for the District of Maryland are handling the case.

Source: United States Department of Justice Criminal Division

Note: View the indictment here and view cryptocurrency seizure affidavit here.

A grand jury in Kansas City, Kansas, returned an indictment on Wednesday charging North Korean national Rim Jong Hyok for his involvement in a conspiracy to hack and extort U.S. hospitals and other health care providers, launder the ransom proceeds, and then use these proceeds to fund additional computer intrusions into defense, technology, and government entities worldwide. Their ransomware attacks prevented victim health care providers from providing full and timely care to patients.

“Two years ago, the Justice Department disrupted the North Korean group using Maui ransomware to hold hostage U.S. hospitals and health care providers,” said Deputy Attorney General Lisa Monaco. “Today’s criminal charges against one of those alleged North Korean operatives demonstrates that we will be relentless against malicious cyber actors targeting our critical infrastructure. This latest action, in collaboration with our partners in the U.S. and overseas, makes clear that we will continue to deploy all the tools at our disposal to disrupt ransomware attacks, hold those responsible to account, and place victims first.”

“Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea’s illicit activities,” said Deputy Director Paul Abbate of the FBI. “These unacceptable and unlawful actions placed innocent lives at risk. The FBI and our partners will leverage every tool available to neutralize criminal actors and protect American citizens.”

“North Korean hackers developed custom tools to target and extort U.S. health care providers and used their ill-gotten gains to fund a spree of hacks into government, technology, and defense entities worldwide, all while laundering money through China,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “The indictment, seizures, and other actions announced today demonstrate the Department’s resolve to hold these malicious actors accountable, impose costs on the North Korean cyber program, and help innocent network owners recover their losses and defend themselves.”

“Today’s indictment underscores our commitment to protecting critical infrastructure from malicious actors and the countries that sponsor them,” said U.S. Attorney Kate E. Brubacher for the District of Kansas. “Rim Jong Hyok and those in his trade put people’s lives in jeopardy. They imperil timely, effective treatment for patients and cost hospitals billions of dollars a year. The Justice Department will continue to disrupt nation-state actors and ensure that American systems are protected in the District of Kansas and across our nation.”

“The Air Force Office of Special Investigations (OSI) will continue to work alongside our law enforcement partners to root out malicious actors who seek to degrade the Department of the Air Force’s ability to protect the nation,” said Commander Brigadier General Amy S. Bumgarner of OSI. “Multiple OSI units, including one of our newly established National Security Detachments, which were established to provide counterintelligence, law enforcement and analytical support to protect technology at the earliest stages of advanced research and development, provided support to this investigation.”

“While North Korea uses these types of cybercrimes to circumvent international sanctions and fund its political and military ambitions, the impact of these wanton acts have a direct impact on the citizens of Kansas,” said Special Agent in Charge Stephen A. Cyrus of the FBI Kansas City Field Office. “These actions keep our families from getting the health care they need, slowing the response of our first responders, endangering our critical infrastructure and, ultimately, costing Kansans through ransoms paid, lost productivity, and money spent to rebuild our networks following cyber attacks. Today’s charges prove these cyber actors cannot act with impunity and that malicious actions against the citizens of Kansas and the rest of the United States have severe consequences.”

“The indictment of individuals responsible for breaching U.S. government systems, regardless of their location, demonstrates the dedication of the National Aeronautics and Space Administration Office of Inspector General (NASA-OIG), the Justice Department, and our law enforcement partners to relentlessly investigate, prosecute, and hold accountable those who believe they can operate in the shadows,” said Assistant Inspector General for Investigations Robert Steinau of NASA-OIG.

According to court documents, Rim and his co-conspirators worked for North Korea’s Reconnaissance General Bureau, a military intelligence agency, and are known to the private sector as “Andariel,” “Onyx Sleet,” and “APT45.” Rim and his co-conspirators laundered ransom payments through China-based facilitators and used these proceeds to purchase internet infrastructure, which the co-conspirators then used to hack and exfiltrate sensitive defense and technology information from entities across the globe. Victims of this further hacking include two U.S. Air Force bases, NASA-OIG, and entities located in Taiwan, South Korea, and China. Related Andariel activity has been the subject of private sector reporting, and a cybersecurity advisory with updated technical indicators of compromise was published by the FBI, the National Security Agency, U.S. Cyber Command’s Cyber National Mission Force, the Department of the Treasury, the Department of Defense’s Cyber Crime Center, the Cybersecurity and Infrastructure Security Administration, and South Korean and United Kingdom partners today.

The Justice Department and the FBI are also announcing the interdiction of approximately $114,000 in virtual currency proceeds of ransomware attacks and related money laundering transactions, as well as the seizure of online accounts used by co-conspirators to carry out their malicious cyber activity. The FBI previously seized approximately $500,000 in virtual currency proceeds of ransomware attacks and related money laundering transactions. In addition to these actions, the Department of State announced today a reward offer of up to $10 million for information leading to the location or identification of Rim. The State Department’s Rewards for Justice program has a standing reward offer for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, engages in certain malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.

Private sector partners are also taking other voluntary actions to limit the spread of Andariel-created malware. In partnership with the Department, Microsoft developed and implemented technical measures to block Andariel actors from accessing victims’ computer networks. Additionally, Mandiant is publishing research today that highlights its unique insights into Andariel’s tactics, techniques, and procedures. These actions by Microsoft and Mandiant were a significant part of the overall effort to secure networks, and they will help cybersecurity practitioners prevent, identify, and mitigate attacks from Andariel actors.

Maui Ransomware and Money Laundering

As alleged in the indictment, Rim worked for North Korea’s Reconnaissance General Bureau (RGB), a military intelligence agency, and participated in the conspiracy to target and hack computer networks of U.S. hospitals and other health care providers, encrypt their electronic files, extort a ransom payment from them, launder those payments, and use the laundered proceeds to hack targets of interest to the North Korean regime.

The Andariel actors used custom malware, developed by the RGB, known as “Maui.” After running the maui.exe program to encrypt a ransomware victim’s computer network, the North Korean co-conspirators would extort the organization by leaving a note with a cryptocurrency address for a ransom payment.

The Andariel actors received ransom payments in a virtual currency and then laundered the payments with the assistance of Hong Kong-based facilitators. In at least one case, these Hong Kong facilitators converted ransom funds from cryptocurrency to Chinese yuan. The yuan was then accessed from an ATM in China in the immediate vicinity of the Sino-Korean Friendship Bridge, which connects Dandong, China, and Sinuiju, North Korea.

Exfiltration of Sensitive Data from Companies and Government Agencies

Rim and his co-conspirators used ransom proceeds to lease virtual private servers that were used to launch attacks against defense, technology, and other organizations, and to steal information from them. Victims of this further hacking included U.S. defense contractors, two U.S. Air Force bases, NASA-OIG, South Korean and Taiwanese defense contractors, and a Chinese energy company. The Andariel actors obtained initial access to victims’ networks by exploiting known vulnerabilities that had not been patched by the victims, including the widespread Log4Shell vulnerability. (Additional tactics, techniques, and procedures are available in the joint cybersecurity advisory released today.) The Andariel actors stole terabytes of information, including unclassified U.S. government employee information, old technical information related to military aircraft, intellectual property, and limited technical information pertaining to maritime and uranium processing projects.

Assistant U.S. Attorneys Ryan Huschka and Chris Oakley for the District of Kansas and Trial Attorneys Neeraj Gupta and George Brown of the National Security Division’s National Security Cyber Section are prosecuting the case.

The FBI continues to investigate Andariel’s hacking and money laundering activities. The Air Force Office of Special Investigations, the Department of Defense Cyber Crime Center, and NASA-OIG provided valuable assistance.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt.

View previous joint cybersecurity advisories from CISA here.

View previous joint cybersecurity advisories from Department of Defense here.

View previous cryptocurrency seizure announcement here.

Source: United States Department of Justice Criminal Division

A federal grand jury in Houston returned an indictment today charging an Indian national with selling and shipping tens of thousands of dollars’ worth of counterfeit oncology pharmaceuticals into the United States.  

According to court documents, Sanjay Kumar, 43, of Bihar, India, and his co-conspirators allegedly arranged for the sale and shipment of fake, counterfeit versions of oncology pharmaceuticals—including Keytruda—to individuals in the United States. Genuine Keytruda is a cancer immunotherapy that is approved in the United States for 19 different indications, including to treat certain types of melanoma, lung cancer, head and neck cancer, Hodgkin lymphoma, gastric cancer, cervical cancer, and breast cancer. Merck Sharp & Dohme LLC, formerly known as Merck Sharp & Dohme Corp., has the exclusive right to authorize the manufacture of Keytruda for introduction into interstate commerce.

Kumar was arrested on June 26 in Houston after traveling to the United States to conduct further negotiations aimed at expanding his business selling fake Keytruda in the U.S. market.

Kumar is charged with one count of conspiracy to traffic in counterfeit drugs and four counts of trafficking in counterfeit drugs. If convicted, he faces a maximum penalty of 20 years in prison on each count.

Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division; U.S. Attorney Alamdar Hamdani for the Southern District of Texas; Special Agent in Charge Mark Dawson of Homeland Security Investigations (HSI) Houston; and Special Agent in Charge Charles Grinstead of the Food and Drug Administration’s (FDA) Office of Criminal Investigations, Kansas City Field Office made the announcement.

HSI and the FDA investigated the case.

Trial Attorneys Jeff Pearlman and Bryce Rosenbower of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Jay Hileman for the Southern District of Texas are prosecuting the case.

An indictment is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Source: United States Department of Justice Criminal Division

The United States has filed a civil complaint under the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA) against National General Holdings Corp. and its subsidiaries, National General Insurance Company, National General Lender Services Inc. and Newport Management Corporation (National General), alleging that, for over a decade, National General erroneously force-placed its Collateral Protection Insurance (CPI) product on vehicles financed through Wells Fargo, despite borrowers already having insurance through other carriers.

“Companies must deal fairly and honestly with consumers,” said Principal Deputy Assistant Attorney General Brian M. Boynton, head of the Justice Department’s Civil Division. “Today’s lawsuit demonstrates that the department will use all of the tools at its disposable to protect the American public against deceptive and fraudulent business practices.”

“Today’s complaint alleges a long-running scheme to defraud hundreds of thousands of car buyers,” said U.S. Attorney Eric G. Olshan for the Western District of Pennsylvania. “For years, these defendants saddled ordinary Americans, including residents of this district, with allegedly unnecessary insurance, leading to dire real-world consequences like repossessed vehicles and other unwarranted collection activities. This enforcement action reinforces an important message: our office, together with our law enforcement partners, will take decisive action to combat fraud in the insurance industry, protect consumers and hold companies accountable for their wrongdoing under federal law.”  

The government’s complaint, filed in the U.S. District Court for the Western District of Pennsylvania, alleges that, from at least 2008 and through the latter part of 2016, National General systemically failed to accurately track whether cars financed by Wells Fargo had the requisite insurance coverage from an outside carrier, and thereby knowingly or recklessly force-placed its own, much costlier CPI on at least 655,000 vehicles that already had outside insurance. In particular, the United States alleges that National General’s tracking efforts were deficient for a variety of reasons, including that National General repeatedly mailed letters seeking insurance information to borrowers at addresses that had previously been returned as undeliverable; in many instances, National General made no phone calls to insurance carriers, agents or borrowers to obtain outside insurance information, despite internal requirements to make a certain number of phone calls; and National General often failed to match insurance information in its possession to financed vehicles.

According to the complaint, National General knew for years that its so-called tracking system was wholly ineffective and that it was routinely imposing force-placed CPI on hundreds of thousands of borrowers in error. National General allegedly received thousands of complaints from borrowers and tracked and reported, both internally and to Wells Fargo, its high “false placements” rates throughout the relevant period.

The complaint further alleges that, as a result of falsely placing CPI, borrowers were charged duplicative and unnecessary CPI premiums in connection with their loans, often without adequate notification to the borrowers. The United States also contends that National General’s conduct had a range of additional negative consequences for borrowers, including improper charges for late fees and interest, negative effects on credit scores and improper repossession of some financed vehicles.

FIRREA authorizes the Attorney General to bring a civil action for penalties for violations of certain criminal predicate offenses — as established by a preponderance of the evidence — that involve financial institutions or particular government agencies. The United States’ complaint alleges that National General violated FIRREA by committing the predicate acts of mail fraud, wire fraud and bank fraud.

The Civil Division’s Commercial Litigation Branch (Fraud Section) and the U.S. Attorney’s Office for the Western District of Pennsylvania handled the matter. The United States is represented in this matter by Trial Attorneys Lindsay DeFrancesco and Laura Hill of the Civil Division’s Fraud Section and Assistant U.S. Attorney Adam Fischer for the Western District of Pennsylvania.

The claims asserted against defendants are allegations only. There has been no determination of liability.