Category: Criminal Law

COVID-19 Healthcare Enforcement Actions to Increase in 2022 and Beyond

The Department remains committed to using every available federal tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud. We will continue to hold accountable those who seek to exploit the pandemic for personal gain, to protect vulnerable populations, and to safeguard the integrity of taxpayer-funded programs”

US Attorney General Merrick Garland – March 10, 2022, Remarks

The Biden Administration, US Department of Justice (DOJ), US Department of Health and Human Services Office of Inspector General (HHS-OIG), and other federal agencies have prioritized prosecuting COVID-19-related fraud since the pandemic began. Although the United States appears to be finally emerging from the pandemic, the government’s pandemic-related enforcement actions are here to stay for the foreseeable future. DOJ has made clear that the government’s COVID-19 enforcement efforts will accelerate, with a more significant focus on complex healthcare fraud cases and civil actions under the False Claims Act (FCA). As the federal government continues to devote additional resources towards its pandemic-related enforcement efforts, healthcare companies, hospital systems and providers should prepare for increased scrutiny.

Additional Resources Devoted to COVID-19 Fraud Enforcement Efforts

DOJ and other federal agencies have already devoted an unprecedented amount of resources to investigating and prosecuting pandemic-related fraud cases. These extensive efforts have led to immediate results. To date, DOJ has brought pandemic-related criminal charges against more than 1,000 individuals with the total alleged fraud losses exceeding $1 billion, and has seized more than $1.2 billion in fraudulently obtained relief funds.

DOJ’s pandemic-enforcement efforts show no sign of slowing down anytime soon. Less than a year after US Attorney General (AG) Merrick Garland established the COVID-19 Fraud Enforcement Task Force, the Biden administration announced that DOJ would appoint a chief prosecutor to expand on the Task Force’s “already robust efforts,” to focus on “most egregious forms of pandemic fraud” and to target particularly complex fraud schemes.

On March 10, 2022, DOJ announced that Kevin Chambers has been appointed as DOJ’s director for COVID-19 fraud enforcement. During his introductory remarks, Chambers said that DOJ would be “redoubling [its] efforts to identify pandemic fraud, to charge and prosecute those individuals responsible for it and whenever possible, to recover funds stolen from the American people.” He also indicated that DOJ would use “new tools” it has developed since the start of the pandemic to investigate such fraud.

In a March 2, 2022, speech before the American Bar Association’s Annual National Institute on White Collar Crime, AG Garland also announced that the Biden Administration will seek an additional $36.5 million in the 2022 budget for DOJ to “bolster efforts to combat pandemic-related fraud.” As evidence of this point, DOJ plans to hire 120 new prosecutors and 900 new Federal Bureau of Investigation agents who will focus on white-collar crime.

DOJ and HHS-OIG to Increasingly Focus on FCA Cases

For the past two years, officials from DOJ and HHS-OIG have identified civil and criminal healthcare fraud relating to COVID-19 as a high priority. As the effects of the pandemic subside, COVID-19-related civil enforcement actions targeting healthcare providers and healthcare companies seem set to increase.

During remarks at the Federal Bar Association’s annual Qui Tam Conference in February 2022, Gregory Demske, chief counsel to the inspector general for HHS-OIG, emphasized that COVID-19 remains a key enforcement priority. Demske indicated that HHS-OIG is focused on the use of COVID-19 to bill for medically unnecessary services, and fraud in connection with HHS’s Provider Relief Fund (PRF) and Uninsured Relief Fund. Demske also confirmed that HHS-OIG remains intensely focused on fraud in connection with telehealth services, the use of which increased exponentially during the pandemic. And, in March 2022, AG Garland reiterated that DOJ will use “every available federal tool—including criminal, civil, and administrative actions—to combat and prevent COVID-19 related fraud.”

The majority of pandemic-related healthcare enforcement actions to date have been criminal prosecutions involving truly blatant instances of fraud and abuse. Going forward, civil and administrative actions likely will be used to pursue cases that turn on lower mens rea requirements or involve more complex regulatory issues. These civil actions will include qui tam actions filed by whistleblowers, as well as FCA cases initiated directly by the DOJ.

In 2021, DOJ recovered more than $5 billion in connection with FCA cases involving the healthcare industry. Given the unprecedented amount of government funds expended to combat the COVID-19 pandemic, DOJ and HHS-OIG will undoubtedly rely on the FCA to maximize the government’s financial recovery. DOJ has already reached FCA settlements in several Paycheck Protection Program cases. It is only a matter of time before we see similar FCA investigations, complaints and settlements focused on relief funding to healthcare providers.

Pandemic-Related Healthcare Priorities

HHS’s PRF

The PRF was created as part of the Coronavirus Aid, Relief and Economic Security (CARES) Act to provide direct payments to “eligible health care providers for health care-related expenses [and] lost revenues that are attributable to coronavirus.” More than $140 billion has been disbursed to hospitals and healthcare providers under the PRF, which is administered by the Health Resources & Services Administration (HRSA).

Payments under the PRF are subject to specific terms and conditions. To retain PRF disbursements, providers must attest to “ongoing compliance” with these requirements and acknowledge that their “full compliance with all Terms and Conditions is material to the Secretary’s decision to disburse funds.” Notwithstanding ongoing concerns and confusion regarding the PRF program requirements, any noncompliance with the terms and conditions could result in criminal, civil and administrative enforcement actions. As recently as March 3, 2022, AG Garland identified fraud in connection with the PRF as a key DOJ enforcement priority.

To date, the Healthcare Fraud Unit of DOJ’s Criminal Division has already brought criminal charges against nine individuals for fraud relating to the PRF. These criminal cases, however, have almost exclusively focused on egregious allegations of fraud and abuses, such as misappropriating PRF disbursements and using the money for personal expenses. For example, in September 2021, DOJ charged five individuals with using PRF payments to gamble at Las Vegas casinos and purchase luxury cars.

DOJ, however, has long indicated that the FCA will also play a “significant role” in DOJ’s PRF enforcement efforts. It is now just a matter of time before such civil investigations and settlements emerge.

HRSA’s stated oversight plan includes post-payment analysis and review to determine whether HHS distributed PRF payments to eligible providers in the correct amounts; audits to assess whether recipients used the funds in accordance with laws, guidance, and terms and conditions; and the recovery of overpayments and unused or improperly used payments. Among other things, HRSA and HHS-OIG likely will evaluate ownership changes, double counting reimbursed expenses and losses, and compliance with the balanced billing requirements.

PRF oversight and enforcement actions have been delayed partly because of program complexities and extended reporting timelines. For example, the first report from PRF recipients on use of funds was not due until the end of 2021. Depending on the date funds were received, PRF recipients may have no reporting obligations through 2023. Entities that expended more than $750,000 in federal awards, including PRF payments, also must obtain an independent audit examining their financial statements; internal controls; and compliance with applicable statutes, regulations and program requirements. These independent audits of PRF payments must be submitted to the Federal Audit Clearinghouse, for nonprofit organizations, or the HRSA Division of Financial Integrity, for for-profit “commercial” organizations. Recipients also may be subject to separate audits by HHS, HHS-OIG or the Pandemic Response Accountability Committee to review copies of records and cost documentation and to ensure compliance with the applicable terms and conditions.

Finally, DOJ and HHS-OIG have increasingly relied on sophisticated data analytics to drive their healthcare enforcement efforts generally. Now that the first round of reports containing specific PRF data certifications are available to HRSA and HHS-OIG, we expect to see the use of such analytics, in conjunction with all the other available information, in connection with PRF enforcement.

Telehealth

Telehealth use expanded exponentially during the pandemic. A March 2022 HHS-OIG report showed that during the first year of the pandemic, more than 28 million Medicare beneficiaries (approximately 43% of all Medicare beneficiaries) used telehealth services—a “dramatic increase from the prior year” in which only 341,000 beneficiaries used telehealth. This increase was largely the result of HHS temporarily waiving statutory and regulatory requirements related to telehealth to allow Medicare beneficiaries to obtain expanded telehealth services.

Telehealth has been at the forefront of DOJ’s healthcare enforcement efforts for years now. For example, DOJ’s 2021 nationwide healthcare enforcement action included criminal charges against dozens of individuals for telehealth fraud schemes involving more than $1.1 billion in alleged loses. The majority of these telehealth enforcement actions to date have involved the use of telehealth to engage in traditional fraud healthcare schemes, such as illegal kickbacks and billing for medically unnecessary services and equipment.

DOJ, however, has increasingly pursued criminal enforcement actions directly related to the telehealth waivers HHS issued in response to the pandemic. For example, in November 2021, a defendant was sentenced to 82 months in prison for participating in a $73 million telehealth fraud scheme. The defendant owned laboratories that provided genetic testing and had paid his coconspirators to arrange for telehealth providers to order medically unnecessary genetic tests. The telehealth providers were not actually treating the beneficiaries, did not use the test results and often never even conducted the telemedicine consultation. Although this was primarily a traditional Anti-Kickback Statute/medical necessity case, DOJ also charged the defendant with using the COVID-19-related telehealth waivers to submit more than $1 million in false claims for sham telemedicine visits.

Similar criminal prosecutions and civil actions relating to the expanded telehealth waivers and sham telehealth encounters can be expected in the future. DOJ and HHS-OIG will likely focus on telehealth visits that resulted in claims for services and equipment with particularly high reimbursement rates, such as genetic testing and durable medical equipment. DOJ and HHS-OIG likely will use data analytics to focus on instances in which telehealth services were billed by providers with whom the beneficiary did not previously have a relationship.

Improper Billing Schemes

DOJ has also pursued criminal cases involving traditional healthcare fraud schemes that sought to take advantage of the COVID-19 pandemic. For example, in May 2021, DOJ announced criminal charges against numerous individuals who were improperly bundling COVID-19 tests with other more expensive laboratory tests, such as genetic testing, allergy testing and respiratory pathogen panel testing. DOJ has likewise pursued criminal cases in which defendants improperly used COVID-19 “emergency override” billing codes to circumvent preauthorization requirements and bill Medicare for expensive medications and treatments. Any improper billing schemes that relate to the pandemic will continue to be a focus of criminal and civil enforcement efforts going forward.

Key Takeaways and Recommendations

DOJ, HHS-OIG and other federal agencies remain focused on pursuing healthcare fraud relating to the COVID-19 pandemic. The best way for hospitals, health systems and other healthcare companies and providers to prepare for this increased enforcement activity and scrutiny is to ensure that they have a robust compliance program in place.

There is no one-size-fits-all approach to compliance, but companies can take several proactive and practical steps to minimize their enforcement risk:

  • Monitor federal and state regulatory and statutory changes. The rules, regulations and guidance relating to the COVID-19 pandemic, including for the PRF and expanded telehealth waivers, have repeatedly changed over the past two years and continue to evolve. Monitoring such changes will not only help prevent enforcement actions, but a company’s reasonable and good faith efforts to interpret and follow such rules and regulations can be a powerful defense should an investigation arise, as discussed in connection with the Allergan case, above. Further to that point, where regulatory requirements and associated guidance is ambiguous, a good documentary record of the basis for your entity’s interpretation of the rules is critical.
  • Incorporate data analytics into your compliance program. DOJ and HHS-OIG continue to rely heavily on sophisticated data analytics, including artificial intelligence, to identify and prosecute fraud. In March 2022, AG Garland emphasized DOJ’s use of “big data” to identify payment anomalies that are indicative of fraud. Healthcare companies already have access to vast amounts of data that they can and should use to proactively identify errors, monitor risk areas and address any potential misconduct.
  • Adapt your compliance program and internal controls, as appropriate, to support PRF compliance, reports and audits. Recipients should continue to practice good compliance hygiene and maintain contemporaneous records regarding the receipt and spending of federal funds. Doing so may involve implementing additional systems to track spending, recovery and relief to avoid overlapping use of funds among relief programs, or consulting with grant accounting and compliance advisors to augment existing infrastructure. Recipients also should periodically review policies, procedures and controls, particularly following major updates to program requirements and interpretations.
  • Ensure the accuracy of required PRF reports, certifications and submissions. Particularly in light of ongoing political pressure, HRSA and HHS-OIG likely will conduct extensive oversight of the PRF to identify potential errors, overpayments and improper use of funds. Recipients should carefully review guidance and instructions to avoid inadvertent errors and misstatements on all submissions. Recipients may consider revisiting prior submissions underlying significant disbursements to identify interpretative issues or compliance concerns that warrant additional supporting documentation or disclosure.
  • Carefully consider the implications before entering into arrangements with other parties. The biggest risk to healthcare companies often comes from those with whom they do business. Compliance programs should focus heavily on reducing the risk of entanglement with bad actors.
  • Be diligent in the design and oversight of marketing strategies. Healthcare companies and providers should regularly review their marketing strategies to ensure total transparency and compliance (both historic and prospective) with applicable state and federal anti-kickback statutes. Companies should confirm that patients are reached through appropriate channels. Although issues relating to COVID-19 may be the impetus for a government investigation, violations of the Anti-Kickback Statute frequently result in larger recoveries for the government.
  • Proactively examine coding and billing practices. Providers should immediately review and revisit their coding and billing practices to determine if their practices involved bundling COVID-19 testing with other claims, the use emergency override billing codes or billing for other COVID-19 related services with high reimbursement rates. There is a strong likelihood that the DOJ will review the claims data for any providers with statistically significant use of these billing and coding practices, particularly when the providers are located in geographical areas where the DOJ’s Healthcare Fraud Strike Force and HHS-OIG’s Medicare Fraud Strike Force operate.

Article By Julian L. André, Benton Curtis, and Dawn R. Helak of McDermott Will & Emery

For more health law legal news, click here to visit the National Law Review.

© 2022 McDermott Will & Emery

The DOJ Throws Cold Water on the Frosties NFT Founders

The U.S. Attorney’s Office for the Southern District of New York recently charged two individuals for allegedly participating in a scheme to defraud purchasers of “Frosties” non-fungible tokens (or “NFTs”) out of over $1 million. The two-count complaint charges Ethan Nguyen (aka “Frostie”) and Andre Llacuna (aka “heyandre”) with conspiracy to commit wire fraud in violation of 18 U.S.C. § 1349 and conspiracy to commit money laundering in violation of 18 U.S.C. § 1956.   Each charge carries a maximum sentence of 20 years in prison.

The Defendants marketed “Frosties” as the entry point to a broader online community consisting of games, reward programs, and other benefits.  In January 2022, their “Frosties” pre-sale raised approximately $1.1 million.

In a so-called “rug pull,” Frostie and heyandre transferred the funds raised through the pre-sale to a series of separate cryptocurrency wallets, eliminated Frosties’ online presence, and took down its website.  The transaction, which was publicly recorded and viewable on the blockchain, triggered investors to sell Frosties at a considerable discount.  Frostie and heyandre then allegedly proceeded to move the funds through a series of transactions intended to obfuscate the source and increase anonymity.  The charges came as the Defendants were preparing for the March 26 pre-sale of their next NFT project, “Embers,” which law enforcement alleges would likely have followed the same course as “Frosties.”

In a public statement announcing the arrests, the DOJ explained how the emerging NFT market is a risk-laden environment that has attracted the attention of scam artists.  Representatives from each of the federal agencies that participated in the investigation cautioned the public and put other potential fraudsters on notice of the government’s watchful eye towards cryptocurrency malfeasance.

This investigation comes on the heels of the FBI’s announcement last month of the Virtual Asset Exploitation Unit, a special task force dedicated to blockchain analysis and virtual asset seizure.  The prosecution of the Defendants in this matter continues aggressive efforts by federal agencies to reign in bad actors participating in the cryptocurrency/digital assets/blockchain space.

Article By Matthew G. Lindenbaum, Robert L. Lindholm, and Daniel Curran of Nelson Mullins

For more crypto and cybersecurity legal news, click here to visit the National Law Review.

Copyright ©2022 Nelson Mullins Riley & Scarborough LLP

DOJ Aggressively Targeting PPP Loan Recipients for Fraud: What Businesses Need to Know

More than five million businesses applied for emergency loans under the Paycheck Protection Program (PPP), and with a hurried implementation that prevented a full diligence process, it’s not surprising the program became a target for fraud. The government is now aggressively conducting investigations, employing both criminal and civil enforcement actions. On the civil lawsuit front, companies that received PPP loans should be aware of actions brought under the False Claims Act (FCA) and the Financial Institutions Reform, Recovery and Enforcement Act (FIRREA). This advisory details some of the key points of these enforcement tools and what the government looks for when prosecuting fraudulent conduct.

How will PPP Loan Fraud Enforcement Under the FCA Work?

A company can be liable under the FCA if it knowingly presents a false or fraudulent claim for payment or approval to the government or uses a falsified record in the course of making a false claim. 31 U.S.C. § 3729(a)(1)(A), (B). The FCA allows the government to recover up to three times the amount of the damages caused by the false claims in addition to financial penalties of not less than (as adjusted for inflation) $12,537, and not more than $25,076 for each claim.

The FCA can be enforced by individuals through qui tam lawsuits. This means a private individual, known as a relator, can file a lawsuit on behalf of the government. When a qui tam case is filed, it remains confidential (under seal) while the government reviews the claim and decides whether to intervene in the case. If the lawsuit is successful, the relator is entitled to a portion of the reward.

The False Claims Act has been used to pursue fraud claims in connection with PPP loan applications. Any company that participated in the PPP by applying for a loan should retain documentation justifying all statements made on the loan application and evidencing how any funds obtained through the loans were utilized.

How will PPP Loan Fraud Enforcement Under FIRREA Work?

The government is also utilizing FIRREA in response to fraudulent conduct related to PPP loans. FIRREA is a “hybrid” statute, predicating civil liability on the government’s ability to prove criminal violations. The statute allows the government to recover penalties against a person who violates specifically enumerated criminal statutes such as bank fraud, making false statements to a bank, or mail or wire fraud “affecting a federally insured financial institution.” 12 U.S.C. §1833a.

To establish liability under FIRREA, the government does not have to prove any additional element beyond the violation of that offense and that the violation “affect[ed] a federally insured financial institution.” The government has invoked FIRREA in the context of PPP loan fraud by stating the fraud related to obtaining the loan falls under one or more of the predicate offenses set forth in the statute.

What Factors Determine PPP Loan Fraud Penalties Under FIRREA?

While the assessment of a penalty is mandatory under FIRREA, the amount of the penalty is left to the discretion of the court but may not exceed $1.1 million per offense. There is an exception to this maximum penalty, however, if the person against which the action is brought profited from the violation by more than $1.1 million. FIRREA then allows the government to collect the entire amount gained by the perpetrator through the fraud. The actual amount of the penalty is determined by the court after weighing several factors including:

  • The good or bad faith of the defendant and the degree of his/her knowledge of wrongdoing;
  • The injury to the public, and whether the defendant’s conduct created substantial loss or the risk of substantial loss to other persons;
  • The egregiousness of the violation;
  • The isolated or repeated nature of the violation;
  • The defendant’s financial condition and ability to pay;
  • The criminal fine that could be levied for this conduct;
  • The amount the defendant sought to profit through his fraud;
  • The penalty range available under FIRREA; and
  • The appropriateness of the amount considering the relevant factors.

The government favors utilizing FIRREA penalties to pursue fraud claims for several reasons. The statute of limitations provided in 12 U.S.C. §1833a(h) is 10 years, which is much longer than most civil statutes of limitations. The standard of proof required to impose penalties is preponderance of the evidence, rather than the higher “beyond a reasonable doubt” standard that must be met in a criminal prosecution.

Checklist for PPP Loan Recipients

A company that applied for COVID relief funds, such as PPP loans, should ensure they satisfy the eligibility requirements for obtaining the loan, confirm false statements were not made during the application, and review the rules set forth by the SBA for applying for PPP. The government has shown it is willing to pursue remedies under the FCA and FIRREA for fraudulent statements made regarding a PPP loan application.

Article By Ronald G. DeWaard, Gary J. Mouw, and Gage M. Selvius of Varnum LLP

For more white collar crime and business fraud legal news, click here to visit the National Law Review.

© 2022 Varnum LLP

Federal Criminal Drug Counterfeiting Defense

Introduction: What is Drug Counterfeiting?

Selling fake drugs may subject you to criminal liability under 21 U.S.C. § 331. Section 331 makes it illegal to sell a misbranded or adulterated drug in interstate commerce. The sale of counterfeit drugs must involve interstate commerce. If you sell a counterfeit drug and it crosses state lines, you will have violated this section. For instance, if you buy aspirin in New York and sell it as codeine in New Jersey, then you may be convicted under the federal counterfeit drug statute. In addition, 18 U.S. Code § 2320 – trafficking in counterfeit goods or services – may also apply. This section makes it a federal crime to traffic goods or services and then knowingly use a counterfeit mark in connection with the good or service. An example of a federal crime includes an individual creating a counterfeit drug that replicates a genuine drug, or selling fake drugs. Conduct under this statute includes possessing, manufacturing and then promoting and selling the counterfeit drug to the public.

You may also face liability for criminal fraud under 18 U.S.C. 1001. This section makes it illegal to knowingly and willfully falsify or cover up a material fact; make a materially false or fraudulent statement, or make or use false writing or document knowing that it is false. An example of criminal fraud includes telling a buyer that the product is a powerful painkiller when in fact it is a combination of baby aspirin and vitamins, and you know this. The above sections also apply to black market transactions. For instance, if you tell someone they are buying heroin when you know it is a combination of flour and caffeine, you just knowingly made a materially false statement. This article explains drug counterfeiting, definition, penalties, and tips for choosing a law firm.

Penalties for Drug Counterfeiting

Selling counterfeit drugs or fake drugs can lead to significant penalties. Under 21 U.S.C. §§ 331 and 333, if you are convicted of selling counterfeit drugs across interstate commerce and you had no intent to mislead, you face a fine of up to $1,000 and a sentence of one year or less imprisonment, or both. On the other hand, if you are convicted of selling counterfeit drugs across interstate commerce and you had the intent to mislead, you face a fine of up to $10,000 and up to three years imprisonment, or both. Each sale you conduct is a separate offense—meaning that if you intentionally sell a counterfeit drug to 20 people, you face charges for 20 separate accounts. This amounts to 60 years imprisonment and a $200,000 penalty.

Also, if charged with criminal fraud under 18 U.S.C. § 1001 and convicted, you could face up to five years imprisonment and/or fines of not more than two times the gross gain or loss from the counterfeit drug sale. In addition to penalties and jail time, these charges may lead to loss of your medical license or driver’s license, termination from your employment, difficulties finding another job, loss of your immigration visa, difficulty securing a home to buy or rent, and a permanent criminal record for being a drug offender. Because of this possibility, it is important to retain a federal criminal defense attorney experienced in federal counterfeiting defense. This will give you the best defense and chance of a successful outcome.

“Several years ago, the DOJ announced efforts to expand the scope and extent of its federal investigations into suspected criminal activity as well as to increase both the charges brought and the penalties for violating federal law. Further, many counterfeiting charges require intent to defraud. Without this intent element, you cannot be found guilty. Only an experienced team can tackle this challenge and provide you with a strong defense.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.

Four Steps to Take When Choosing Criminal Defense Lawyers

1. Make sure the law firm is focused on federal criminal law. You must be wise when choosing a criminal defense attorney because it can mean all the difference. Now is not the time to go with a junior attorney or the attorney who offers lower costs. Do not choose an attorney who claims to have a good understanding of counterfeiting defenses but who does not have a successful track record. Grand jury subpoenas and investigations are serious matters. Serious matters demand the services of a serious defense team—a defense team with a proven track record in successfully defending clients against federal counterfeiting charges.

2. Pick a law firm with an intricate knowledge of federal counterfeiting. You would not choose a doctor who does not fully understand your medical condition. You would choose the best medical professional for a serious medical condition. Do the same with your criminal defense attorney. A good attorney can find loopholes and exceptions in the law and argue them in your favor. A good attorney will go the extra mile for you. Your attorney should be able to answer questions such as their knowledge of federal counterfeiting, defenses available, their track record of success, federal trial court experience, and experience in federal criminal law.

3. Ask about your attorney´s success rate. An attorney is only as good as the results they obtain. It is important to have an honest attorney-client relationship so make sure to get an honest answer when asking your attorney about their success rates in cases similar to yours. A good attorney is often able to keep federal criminal matters out of the news by ending the federal investigation early on. A successful track record includes obtaining the following results for clients:

  • Quashing federal subpoenas;
  • Getting clients acquitted at trial;
  • Dismissing the entire indictment;
  • Avoiding criminal charges and penalties altogether; and
  • Getting sentences of probation over charges that often call for several years’ imprisonment.

4. Pick a law firm that is dedicated and committed to your case. A good law firm demonstrates dedication and open communication to its clients. Your attorney should be committed to fighting for you. It is often easy to tell whether your attorney truly wants to help you or whether they just want to make money from handling your case. Assess the sincerity of your attorney. Similarly, you must be able to freely talk to your attorney. Without open and continuous communication channels, many clients become anxious about the next stages in the investigation.

Conclusion

Drug counterfeiting charges are not to be taken lightly. Charges of criminal drug counterfeiting crimes can be devastating to an individual’s career. Not only can such charges lead to criminal penalties and jail time, but they could also result in the permanent loss of your ability to practice medicine, thereby destroying your reputation. It is therefore critical to retain an attorney that is experienced in federal counterfeiting crimes legislation, delivering strong defenses, and vigorously defending their clients against criminal charges and prosecutions.

Oberheiden P.C. © 2022
For more about crime, visit the NLR Criminal Law/Business Crimes type of law page.

State Treasurers Call on SEC to Investigate Apple’s Nondisclosure Agreements

In a January 30, 2022 letter to SEC Chair Gensler, eight State treasurers requested that the SEC investigate Apple’s nondisclosure agreements and whether Apple misled the SEC about their use of nondisclosure provisions in employment and post-employment agreements.  According to the January 30th letter, “multiple news reports have stated that whistleblower documents demonstrate Apple uses the very concealment clauses it repeatedly claimed it does not use . . .”  The January 30th letter also points out the importance of permitting employees to report unlawful conduct and the need for shareholders to have accurate information about workplace culture.

The SEC can investigate whether Apple’s alleged use of concealment clauses in agreement and policies violates the SEC’s anti-gag rule, which prohibits any “person” from taking “any action to impede an individual from communicating directly with the Commission staff about a possible securities law violation, including enforcing, or threatening to enforce, a confidentiality agreement . . . .”  Exchange Act Rule 21F-17, 17 C.F.R. § 240.21F-17.

The purpose of the anti-gag rule is to facilitate the disclosure of information to the SEC relating to possible securities law violations.  As explained in the release adopting the SEC’s whistleblower rules, “an attempt to enforce a confidentiality agreement against an individual to prevent his or her communications with Commission staff about a possible securities law violation could inhibit those communications . . . and would undermine the effectiveness of the countervailing incentives that Congress established to encourage individuals to disclose possible violations to the Commission.”  Implementation of the Whistleblower Provisions of Section 21F of the Securities Exchange Act of 1934, Release no. 34-64545 (May 25, 2011).

The SEC has taken enforcement actions for violations of Rule 21F-17, most of which are focused on employer agreements and policies that have the effect of impeding whistleblowing to the SEC.  These enforcement actions have strengthened the SEC’s whistleblower program by encouraging whistleblowers to report fraud and encouraging employers to revise their NDAs and policies to clarify that such agreements and policies do not bar lawful whistleblowing.

Apple’s market capitalization of approximately $2.8 trillion renders it the world’s most valuable company.  If Apple is using concealment clauses and unlawful NDAs to silence whistleblowers, then Apple shareholders may not have an accurate and complete picture of the company’s financial condition and risks, including Apple’s ESG-related risks and risks stemming from its potential violations of anti-trust laws.  Accordingly, it will be critical for the SEC to take enforcement action if it finds that Apple has violated the SEC’s anti-gag rule.

By some estimates, fraud and other white-collar crime costs the US economy $300 billion to $800 billion per year.  To combat fraud, regulators and law enforcement need the assistance and cooperation of whistleblowers to detect and effectively prosecute fraud.  But there are many substantial risks that deter whistleblowers from coming forward, including the risk of being sued for breaching a confidentiality agreement.  The continued success of whistleblower reward programs will hinge in part on regulators taking a firm stand against agreements and policies that impede whistleblowing.

For more information on unlawful restrictions on whistleblowing, see the article De Facto Gag Clauses: The Legality of Employment Agreements That Undermine Dodd-Frank’s Whistleblower Provisions.

This article was written by Jason Zuckerman and Matthew Stock of Zuckerman Law. For more articles relating to NDAs, please click here.

Sixth Circuit Clarifies When Statute of Limitations Commences in False Claims Act Whistleblower Retaliation Cases

On January 10, 2022, the Sixth Circuit held in El-Khalil v. Oakwood Healthcare, Inc., 2022 WL 92565 (6th Cir. Jan 10, 2022) that the statute of limitations period for a False Claims Act whistleblower retaliation case commences when the whistleblower is first informed of the retaliatory adverse employment action.

El-Khalil’s False Claims Act Whistleblower Retaliation Claim

While working as a podiatrist at Oakwood Healthcare, El-Khalil saw  employees submit fraudulent Medicare claims, which he reported to the federal government. In 2015, Oakwood’s Medical Executive Committee (MEC) rejected El-Khalil’s application to renew his staff privileges.  After commencing a series of administrative appeals, El-Khalil found himself before Oakwood’s Joint Conference Committee (JCC) on September 22, 2016. The JCC, which had the authority to issue a final, non-appealable decision, voted to affirm the denial of El-Khalil’s staff privileges.  On September 27, 2016, the JCC sent El-Khalil written notice of its decision.

Three years later, on September 27, 2019, El-Khalil sued Oakwood for retaliation under the False Claims Act whistleblower retaliation law.  Oakwood moved for summary dismissal on the basis that the claim was not timely filed in that the JCC’s decision became final when it voted on September 22, 2016 and therefore the filing on September 27, 2019 was outside of the 3-year statute of limitations. The district court granted Oakwood’s motion and El-Khalil appealed.

Sixth Circuit Denies Relief

In affirming the district court, the Sixth Circuit held that the text of the FCA anti-retaliation provision (providing that an action “may not be brought more than 3 years after the date when the retaliation occurred”) is unequivocal that the limitations period commences when the retaliation actually happened. It adopts “the standard rule” that the limitations period begins when the plaintiff “can file suit and obtain relief,” not when the plaintiff discovers the retaliation. The retaliation occurred on September 22 when the JCC voted to affirm the denial of El-Khalil’s staff privileges, and the JCC’s September 27 letter merely memorialized an already final decision.

In addition, the Sixth Circuit held that the False Claims Act’s whistleblower protection provision does not contain a notice provision. As soon as Oakwood “discriminated against” El-Khalil “because of” his FCA-protected conduct, he had a ripe “cause of action triggering the limitations period.” The court noted that if an FCA retaliation plaintiff could show that the employer concealed from the whistleblower the decision to take an adverse action, the whistleblower might be able to avail themself of equitable tolling to halt the ticking of the limitations clock.

Implications for Whistleblowers

Some whistleblower retaliation claims have a short statute of limitations and therefore it is critical to promptly determine when the statute of limitations starts to run.  For most whistleblower retaliation claims that are adjudicated at the U.S. Department of Labor, the clock for filing a complaint begins to tick when the complainant receives unequivocal notice of the adverse action.  Udofot v. NASA/Goddard Space Center, ARB No. 10-027, ALJ No. 2009-CAA-7 (ARB Dec. 20, 2011).  If a notice of termination is ambiguous, the statute of limitations may start to run upon the effective date of the termination as opposed to the notice date.  Certain circumstances may justify equitable modification, such as where:

  1. the employer actively misleads or conceals information such that the employee is prevented from making out a prima facie case;
  2. some extraordinary event prevents the employee from filing on time;
  3. the employee timely files the complaint, but with the wrong agency or forum; or
  4. the employer’s own acts or omissions induce the employee to reasonably forego filing within the limitations period.

See Turin v. AmTrust Financial Svcs., Inc., ARB No. 11-062, ALJ No. 2010-SOX-018 (ARB March 29, 2013).

When assessing the statute of limitations for whistleblower retaliation claims, it is also critical to calculate the deadline to timely file a claim for each discrete adverse action or each act of retaliation.  However, in an action alleging a hostile work environment, retaliatory acts outside the statute of limitations period are actionable where there is an ongoing hostile work environment and at least one of the acts occurred within the statute of limitations period.  And when filing a retaliation claim, the whistleblower should consider pleading untimely acts of retaliation because such facts are relevant background evidence in support of a timely claim.

Article By Jason Zuckerman of Zuckerman Law

For more whistleblower and business crimes legal news, click here to visit the National Law Review.

© 2022 Zuckerman Law

SEC Report Details Record-Shattering Year for Whistleblower Program

On November 15, the U.S. Securities and Exchange Commission (SEC) Whistleblower Program released its Annual Report to Congress for the 2021 fiscal year. The report details a record-shattering fiscal year for the agency’s highly successful whistleblower program. During the 2021 fiscal year, the SEC Whistleblower Program received a record 12,200 whistleblower tips and issued a record $564 million in whistleblower awards to a record 108 individuals. Over the course of the year, the whistleblower program issued more awards than in all previous years combined.

“The SEC’s Dodd-Frank Act whistleblower program has revolutionized the detection and enforcement of securities law violations,” said whistleblower attorney Stephen M. Kohn. “Congress needs to pay attention to this highly effective anti-corruption program and enact similar laws to fight money laundering committed by the Big Banks, antitrust violations committed by Big Tech, and the widespread consumer frauds often impacting low income and middle class families who are taken advantage of by illegal lending practices, redlining, and credit card frauds.”

“The report documents that whistleblowing works, and works remarkably well, both in the United States and worldwide,” continued Kohn. “The successful efforts of the SEC to use whistleblower-information to police Wall Street frauds is a milestone in the fight against corruption. Every American benefits from this program.”

In the report, Acting Chief of the Office of the Whistleblower Emily Pasquinelli states “[t]he success of the Commission’s whistleblower program in landmark FY 2021 demonstrates that it is a vital component of the Commission’s enforcement efforts. We hope the awards made this year continue to encourage whistleblowers to report specific, timely, and credible information to the Commission, which will enhance the agency’s ability to detect wrongdoing and protect investors and the marketplace.”

Read the SEC Whistleblower Program’s full report.

Geoff Schweller also contributed to this article.

Copyright Kohn, Kohn & Colapinto, LLP 2021. All Rights Reserved.
For more on SEC Whistleblower Rewards, visit the NLR White Collar Crime & Consumer Rights section.

Crypto Laundering: Bitcoin + Money Laundering

Bitcoin was a massive innovation to the world that allows transactions to be processed faster, makes them easier to use, lack third parties and intermediaries, and have stronger security. The technology underlying Bitcoin is the blockchain, which is the decentralized ledger where all Bitcoin transactions are stored.

At the same time, criminals are increasingly seeking to exploit the latest technology to their financial benefit. Bitcoin transactions actually have the ability to make money laundering easier for criminals because cryptocurrencies are conducted, transferred, and stored online and allow cybercriminals to move their funds instantly across borders.

This article explains the interconnection between Bitcoin and money laundering, warning signs, and how a lawyer can help you with your crypto issue.

Bitcoin as an Attractive Option for Laundering

One of the first questions many ask is why is Bitcoin such an attractive option for criminals seeking to launder money?

The most important answer is that laundering cryptocurrencies via online exchanges and then converting them to cash is much simpler than laundering bags of cash often across borders. Online transactions have no borders, and it obviates the need to physically move illegal money from place to place. Therefore, it is easy and practical.

Second, there is a certain degree of anonymity associated with Bitcoin transactions. While not 100% anonymous, these transactions are in fact pseudonymous. This means that the public Bitcoin addresses used for transactions are not registered in the names of individuals.

The transactions are stored publicly on the blockchain (the public decentralized ledger where all transactions are stored), but only the individual making the transaction has access to the account and Bitcoin wallet. Therefore, federal agencies will have a challenging time linking a particular Bitcoin transaction back to any one individual or entity. However, detection is not impossible.

To overcome this obstacle, criminals will use Bitcoin mixing services, which allow the individual to “mix” their Bitcoins with other users and jumble the connections between individuals’ addresses.

The goal is to make it practically impossible for anyone to detect the origin and destination addresses of those illegal Bitcoin transactions. This allows criminals to cash out without fear of ever being identified. In addition, many wallet providers and online crypto exchanges have few if not no anti-money laundering (“AML”) or Know Your Customer (“KYC”) regulations, which represents a very attractive option for cybercriminals.

Third, the lack of regulation or inconsistent regulation of the crypto sphere makes detection of large Bitcoin transactions more unlikely—both the initial Bitcoin transaction and when the criminals seek to “cash-out” and convert their Bitcoins to cash.

Traditional financial and banking options are very regulated both at the state and federal levels. On the other hand, cryptocurrencies are loosely regulated. This makes the use of cryptocurrencies attractive to criminals who believe they can evade regulation and scrutiny of various law enforcement agencies within the nation and abroad.

Warning Signs of Crypto Laundering

Crypto laundering is a crime. Despite the lack of federal guidance on this issue, many law enforcement agencies are relying on existing laws and traditional investigative tools to uncover instances of crypto laundering. Below are some warning signs of crypto laundering:

  • Transfer of crypto funds to wallets in unregulated or less regulated jurisdictions;
  • Multiple high-value transactions occurring within a short period of time;
  • Bitcoin or other transactions totaling amounts that are just under the amount that would trigger reporting requirements;
  • Immediately withdrawing cryptocurrency deposits;
  • New accounts funded with an amount that is immediately withdrawn;
  • Transactions with multiple cryptocurrencies on many accounts;
  • Deposits from unregulated jurisdictions or jurisdictions with poor AML and KYC regulations; and
  • One wallet that is linked to multiple credit card accounts under different individuals’ names or one wallet linked to multiple bank accounts.

The above warning signs should be considered by individuals seeking to do business with a firm dealing with cryptocurrencies, by law enforcement agencies investigating certain individuals and entities, and during AML reviews within crypto service providers.

In addition, in 2020, the Financial Action Task Force (“FATF”) released a report about red flag indicators for money laundering that is intended to assist crypto wallet and exchange companies as well as financial authorities.

How An Attorney Can Help Defend You Against Crypto Laundering Allegations

Federal agencies including the Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) have been especially eager to investigate alleged instances of crypto laundering fraud. On June 29, 2021, in a DOJ investigation, “Doctor Bitcoin ” pleaded guilty to operating an illegal cash-to-cryptocurrency conversion business. This underscores the importance of retaining counsel experienced in defending against allegations of crypto laundering. Below are some examples of how an attorney can help you with your crypto issue:

  • Conducting fraud investigations involving cryptocurrencies;
  • Advising on Security Token Offerings (“STOs”) and Initial Coin Offerings (“ICOs”);
  • Valuing of cryptocurrencies and assets;
  • Assisting with purchasing property or other assets with cryptos;
  • Advising on AML and KYC regulations;
  • Checking on internal and external compliance;
  • Advising on wills, trusts, and inheritances of crypto assets and cryptocurrencies;
  • Drafting compliance documents or documents regarding coin issuances;
  • Advising on due diligence of customers;
  • Advising on identification and verification procedures involving crypto transactions; and
  • Advising on monitoring crypto transactions for compliance with applicable regulations, for suspicious activity, and for certain money laundering warning signs.

“The use of cryptocurrencies such as Bitcoin to facilitate online transactions has both advantages and disadvantages. While crypto transactions offer speed, ease in use, and low transaction costs, they can also facilitate elaborate money laundering schemes, illegal purchases, and ransomware attacks. Specifically, Bitcoin laundering is becoming a cost-effective and highly appealing option for cyber criminals aiming to convert illegally obtained cryptocurrencies into legitimate cash. While there are few laws regulating cryptocurrencies, many federal agencies will go after companies and individuals alleged to have engaged in fraudulent crypto transactions under already-existing statutes. Therefore, the consequences can be just as severe—fines and penalties, disgorgement orders, injunctions, and possibly jail time.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.

Conclusion

Crypto laundering is becoming a serious problem for law enforcement agencies as cybercriminals continue to exploit new and emerging technologies for financial gain. Criminals are attracted to the cryptocurrency, Bitcoin, because it is easy and practical to move digitized money, because these transactions are very difficult to trace, and because there is a lack of consistent regulation regarding cryptocurrencies.

Identifying red flags are important safeguards for individuals, businesses, and law enforcement agencies to consider. In fact, law enforcement agencies have been especially zealous in investigating alleged instances of crypto laundering based on certain red flags.

This article was written by Dr. Nick Oberheiden of Oberheiden PC. For more articles relating to crypto laundering, please visit our finance page.

10 Reasons Why FCPA Compliance Is Critically Important for Businesses

  • The Foreign Corrupt Practices Act (“FCPA”) prohibits companies from bribing foreign officials in an effort to obtain or retain business, and it requires that companies maintain adequate books, records, and internal controls to prevent unlawful payments.
  • The FCPA was passed in response to an increase in global corruption costs.
  • Implementing an effective FCPA compliance program can benefit companies financially and socially, and it can help companies seize opportunities for business expansion.
  • In drafted and implemented appropriately, an FCPA compliance program will: serve as an invaluable tool against corruption, promote ethical conduct within the company, reduce the societal costs of corruption, and foster business expansion domestically and globally.
  • Company leaders should consider hiring experienced legal counsel to provide advice and representation regarding FCPA compliance.

What is the Foreign Corrupt Practices Act?

Enacted in 1977, the Foreign Corrupt Practices Act (“FCPA”) is a federal law that prohibits bribery of foreign officials in an effort to obtain or retain business. It also requires companies to maintain adequate books, records, and internal controls in their accounting practices to prevent and detect unlawful transactions.

Congress passed the FCPA in response to growing concerns about corruption in the global economy. The FCPA includes provisions for both civil and criminal enforcement; and, over the past several decades, FCPA enforcement proceedings have resulted in billions of dollars in penalties, disgorgement orders, and other sanctions issued against companies accused of engaging in corrupt transactions with government entities.

What are the Risks of FCPA Non-Compliance?

The U.S. Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) are the primary agencies tasked with enforcing the FCPA. These agencies take allegations of FCPA violations very seriously, motivated in large part by the damage that bribery and corruption of foreign officials can cause to the interests of the United States. Prosecutions under the FCPA have increased in recent years, with both companies and individuals being targeted.

Due to the risk of federal prosecution, companies that do business with foreign entities must implement compliance programs that are specifically designed to prevent, detect and allow for appropriate response to transactions that may run afoul of the FCPA. In addition to helping to prevent and remedy FCPA violations, adopting a robust compliance program also demonstrates intent to follow the law and can create a positive view of your company in the eyes of federal authorities.

“Implementing an effective FCPA compliance program serves a number of important purposes. Not only can companies mitigate the risk of their employees engaging in corrupt practices, but they can also discourage corrupt conduct by other entities and demonstrate to federal authorities that they are committed to complying with the law.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.

If your company is targeted by the DOJ or SEC for a suspected FCPA violation, it will be important to engage federal defense counsel promptly. Having counsel available to represent your company during an FCPA investigation is crucial for protecting your company and its owners, executives, and personal against civil or criminal prosecution.

Why Should Companies Implement FCPA Compliance Programs?

Here are 10 of the most important reasons why companies that do business with foreign entities need to adopt comprehensive and custom-tailored FCPA compliance programs:

  1. The FCPA is an invaluable tool in the federal government’s fight against foreign corruption.
    • The FCPA is a massive piece of legislation that is designed to allow the DOJ and SEC to effectively combat corruption and bribery involving foreign officials. Ultimately, enforcement of the FCPA is intended to eliminate the costs of foreign corruption to the United States.
    • An effective and robust FCPA compliance program promotes these objectives while also protecting companies and individuals against civil liability and criminal prosecution.
  2. Anti-corruption laws like the FCPA promote ethical conduct.
    • Companies that have comprehensive policies against bribery and corruption send a strong message to other companies and foreign officials that they are committed to aiding in the federal government’s fight against corruption.
    • Foreign officials are less likely to ask for bribes from companies that promote an anti-corruption corporate environment through their compliance policies and procedures.
    • Compliance with anti-corruption laws promotes positive morale among company personnel who feel the pride of working for a company that is committed to transparency and ethical conduct.
  3. The FCPA allows companies to develop strong internal controls and avoid a slippery slope toward an unethical culture.
    • Companies that regularly utilize bribes in their business operations are likely to eventually encounter multiple problems, both in the U.S. and abroad.
    • Once a foreign official knows that a company is willing to pay bribes, that foreign official will request larger bribe amounts. In order to continue business operations in the relevant jurisdiction, company personnel may continue to accept the foreign official’s terms and pay larger bribes.
    • If left unchecked, corrupt practices can become so prevalent that they create enormous liability exposure for the company.
    • Maintaining a focus on FCPA compliance allows companies to develop effective internal controls that promote efficiency in their business operations.
  4. The FCPA reduces the societal costs of corruption.
    • Corruption increases costs to society. This includes political, social, economic, and governmental costs resulting from unethical business conduct.
    • By adopting and enforcing strong FCPA compliance programs, companies can help reduce these costs.
  5. The FCPA reduces the internal business costs of corruption.
    • Corporate success depends on certainty, predictability, and accountability. An environment where corruption is rampant costs companies time and money, and it can lead to disruptions in the continuity of their business operations.
    • FCPA compliance instills predictability in investments, business transactions, and dealings with foreign officials.
  6. Corruption and bribery create an unfair business environment.
    • Companies are more likely to be successful in an environment that emphasizes fair competition, and in which all competitors sell their products and services based on differentiation, pricing, and efficiency.
    • Corruption and bribery allow for unfair results in the marketplace. For instance, companies that utilize bribes can achieve increased sales and increased market share despite offering an inferior product at an uncompetitive price.
  7. The penalties under the FCPA encourage compliance and accurate reporting.
    • The penalties imposed under the FCPA incentivize the disclosure and reporting of statutory violations. These penalties include fines, imprisonment, disgorgement, restitution, and debarment.
    • Whistleblowers can receive between 10% and 30% of amounts the federal government recovers in FCPA enforcement litigation, and this provides a strong incentive to report violations as well.
    • The risk of significant penalties is an important factor for companies to consider when deciding how much time, effort, and money to invest in constructing an FCPA compliance program.
  8. Anti-corruption laws foster business expansion and stability both domestically and globally.
    • For companies that plan to expand domestically or internationally, success depends on the existence of a competitive environment in which companies compete fairly based on product differentiation, price, and other market factors.
    • Fair competition and growth opportunities are hampered when competitors can simply bribe their way to success. Therefore, FCPA enforcement is essential to maintaining fair competition.
    • DOJ and SEC investigations can severely disrupt efforts to maintain stability and predictability, and they can lead to significant financial and reputational harm.
  9. Corruption leads to human rights abuses.
    • Companies that regularly utilize corruption and bribery to achieve their business goals often resort to other illegal practices as well. This includes forced labor and child labor.
    • These types of human rights abuses are commonplace in countries where corruption and bribery are widespread.
    • To reduce the risk of these human rights abuses, it is crucial for company personnel to be educated on the potentially disastrous consequences of corruption and bribery.
    • Developing a robust compliance policy is the best way to educate personnel, reduce the risks of corruption and bribery, and eliminate the human rights abuses associated with these risks.
  10. The FCPA encourages open communication between companies and their legal counsel.
    • With regard to FCPA compliance, it is a legal counsel’s job to represent the best interests of the company and help the company foster an environment of ethical conduct. Achieving these objectives requires open and honest communication between the company and legal counsel.
    • Due to the severe sanctions imposed under the FCPA, companies are incentivized to hire counsel to advise them with regard to compliance and to adopt and implement effective FCPA compliance programs.

Effective FCPA Compliance Programs Help Companies Avoid Costs, Loss of Business Opportunities, and Federal Liability

Working with legal counsel to develop robust FCPA compliance policies and procedures can help prevent company personnel from offering bribes and engaging in other corrupt practices while also encouraging the internal disclosure of suspected violations. Failing to maintain adequate internal controls and foster a culture of compliance can be detrimental to a company’s operations, and FCPA violations can lead to civil or criminal prosecution at the federal level. As a result, all companies that do business with foreign entities would be well-advised to work with legal counsel to develop comprehensive FCPA compliance policies and procedures.

Oberheiden P.C. © 2020

For more on the Foreign Corrupt Practices Act see the National Law Review Criminal Law & Business Crimes section.

Thieves Breach Twitter Security to Commandeer Famous Accounts

The Twitter accounts of major companies and individuals were briefly taken over as part of a bitcoin scam. Former and current heads of states, global corporations, and presidential candidates had their twitter accounts compromised. The tweet from many of the twitter account said similar things, for example Kanye West’s feed stated that he is “giving back to my fans”; the message from Bezos’, Barack Obama, and Joe Biden’s account said that they had “decided to give back to my community”; while Elon Musk’s account said “feeling greatful” and provided a link to a Bitcoin wallet to send money to. The tweets would indicate that they would send double the money back to a limited number of contributors.

Twitter, through its Twitter Support account notified users that an internal investigation was conducted into the matter. The investigation revealed that several employees who had access to internal systems had their accounts compromised in a “coordinated social engineering attack.” Twitter’s internal system was then exploited to tweet from high-profile accounts. The attack was at least moderately successful considering the Bitcoin wallets promoted in the tweets received over 300 transactions and Bitcoin worth over $100,000.

These tweets began at about 4 P.M. (Eastern Standard Time) on Wednesday, July 16. The first wave of attacks hit the Twitter accounts of prominent cryptocurrency leaders and companies, but expanded quickly after that. Along with Vice President Biden, President Obama, Kanye West, Bill Gates, Michael Bloomberg, and Elon Musk, large company accounts were also targeted including Uber and Apple. Twitter’s initial response was to take down the offending tweets, but those were quickly replaced by new ones – – an indication that the hackers maintained access to the individual accounts.

The persistence of the attacks led to Twitter disabling some the platform services including the ability of blue-checked (verified) twitter users to tweet. The services were restored around four and a half hours after the suspicious tweets began. However, that shutdown period was not insignificant. Several National Weather Service Twitter accounts were shut down as a line of severe weather and possible tornadoes moved across the Midwest. The National Weather Service felt severely hampered in its ability to communicate with people about the impending storm.

In a tweet, Twitter’s CEO Jack Dorsey said that the company feels  “terrible this happened” and that they are “diagnosing and will share everything we can when we have a more complete understanding of exactly what happened.” The nature of this attack is yet to be determined. The legal implications will hinge on the findings of the investigation, including whether there were sensitive direct messages accessed by the attackers. Considering the compromised accounts includes current and former heads of state (Prime Minister Benjamin Netanyahu, President Obama, and Vice President Biden), there are also questions of national security involved.

The United States does not have a comprehensive federal data breach notification scheme. These obligations are provided by the fifty states and sector-specific laws. More than 40 of the state breach notification laws contain a harm threshold pursuant to which notification is not required unless harm to affected individuals has occurred or is reasonably likely to occur. The EU’s GDPR also includes a similar assessment. As more information is disclosed, we will get a better understanding of Twitter and the attacked users’ incident response processes.

Copyright © 2020 Womble Bond Dickinson (US) LLP All Rights Reserved.