New York Compounding Pharmacy Settles Fraudulent Billing and Kickback Allegations in Whistleblower Lawsuit

Upstate New York pharmaceutical companies FPR Specialty Pharmacy (now defunct) and Mead Square Pharmacy, along with their owners, agreed to pay $426,000 to settle fraudulent claims and kickback allegations brought forth by a whistleblower. According to the U.S. government, the pharmacies submitted fraudulent claims for reimbursement to federal healthcare programs for compounded prescription drugs in violation of the False Claims Act and the Anti-Kickback Statute. The pharmacies allegedly sold prescription drugs to federal healthcare program beneficiaries in states without a license, improperly induced patients to purchase expensive custom compounded medications by waiving all or part of the substantial co-payments required under the federal healthcare programs, and paid sales representatives per-prescription commissions to illegally induce writing more prescriptions.

“The rules governing federal healthcare programs require pharmacies dispensing prescriptions to their members to be licensed with the appropriate state authorities to request reimbursement for the cost of the medications.  The pharmacies violated the False Claims Act by dispensing and requesting reimbursement for hundreds of prescriptions of “Focused Pain Relief” cream dispensed to federal healthcare program beneficiaries located in states where the pharmacies were not licensed to operate by the appropriate state authorities, and by failing to disclose that they were not licensed.  The Pharmacies also violated the False Claims Act by billing federal healthcare programs for prescriptions dispensed in states where they had obtained their state licenses under false pretenses, including by failing to inform state authorities that they had previously dispensed drugs in the states without a license and by failing to disclose” one of the pharmacy owners’ “criminal history on pharmacy license applications.”

Additionally, the pharmacies violated the Anti-Kickback Statute by engaging in two separate illegal practices, according to the government.  First, the pharmacies regularly charged federal healthcare program beneficiaries co-payments substantially below program requirements (which often exceeded $100) to induce them to purchase its pain cream, “Focused Pain Relief,” for which the federal healthcare programs paid hundreds and sometimes thousands of dollars each.  Second, the Pharmacies often paid illegal kickbacks to their sales representatives by giving sales commissions for the number of prescriptions written by the physicians the sales reps marketed.

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Pharmacies, like other participants in the healthcare industry, must follow the rules.  The defendants here brazenly flouted basic rules on licensing and kickbacks to line their pockets with dollars from federal healthcare programs.  That is a prescription for intervention by my office and our partners.”

Similar to this case, there have been many instances in which whistleblowers exposed company fraud against the Medicare system.


© 2020 by Tycko & Zavareei LLP

For more on pharmaceutical fraud, see the National Law Review Biotech, Food & Drug law section.

New York Compounding Pharmacy Settles Fraudulent Billing and Kickback Allegations in Whistleblower Lawsuit

Upstate New York pharmaceutical companies FPR Specialty Pharmacy (now defunct) and Mead Square Pharmacy, along with their owners, agreed to pay $426,000 to settle fraudulent claims and kickback allegations brought forth by a whistleblower. According to the U.S. government, the pharmacies submitted fraudulent claims for reimbursement to federal healthcare programs for compounded prescription drugs in violation of the False Claims Act and the Anti-Kickback Statute. The pharmacies allegedly sold prescription drugs to federal healthcare program beneficiaries in states without a license, improperly induced patients to purchase expensive custom compounded medications by waiving all or part of the substantial co-payments required under the federal healthcare programs, and paid sales representatives per-prescription commissions to illegally induce writing more prescriptions.

“The rules governing federal healthcare programs require pharmacies dispensing prescriptions to their members to be licensed with the appropriate state authorities to request reimbursement for the cost of the medications.  The pharmacies violated the False Claims Act by dispensing and requesting reimbursement for hundreds of prescriptions of “Focused Pain Relief” cream dispensed to federal healthcare program beneficiaries located in states where the pharmacies were not licensed to operate by the appropriate state authorities, and by failing to disclose that they were not licensed.  The Pharmacies also violated the False Claims Act by billing federal healthcare programs for prescriptions dispensed in states where they had obtained their state licenses under false pretenses, including by failing to inform state authorities that they had previously dispensed drugs in the states without a license and by failing to disclose” one of the pharmacy owners’ “criminal history on pharmacy license applications.”

Additionally, the pharmacies violated the Anti-Kickback Statute by engaging in two separate illegal practices, according to the government.  First, the pharmacies regularly charged federal healthcare program beneficiaries co-payments substantially below program requirements (which often exceeded $100) to induce them to purchase its pain cream, “Focused Pain Relief,” for which the federal healthcare programs paid hundreds and sometimes thousands of dollars each.  Second, the Pharmacies often paid illegal kickbacks to their sales representatives by giving sales commissions for the number of prescriptions written by the physicians the sales reps marketed.

Manhattan U.S. Attorney Geoffrey S. Berman said:  “Pharmacies, like other participants in the healthcare industry, must follow the rules.  The defendants here brazenly flouted basic rules on licensing and kickbacks to line their pockets with dollars from federal healthcare programs.  That is a prescription for intervention by my office and our partners.”

Similar to this case, there have been many instances in which whistleblowers exposed company fraud against the Medicare system.


© 2020 by Tycko & Zavareei LLP

Thai Army Whistleblower Faces Up to Seven Years of Jail Time For Fleeing Retaliation

In February of this year, the Thai Army launched a new initiative to combat corruption and abuse within its ranks—a 24-hour hotline that reports directly to the Army Chief General, Apirat Kongsompong. This initiative was created in the wake of a shocking incident in which a soldier killed 29 people after a dispute with his commanding officer. The new hotline, while not anonymous, was set up to provide Army whistleblower confidentiality and work in conjunction with National Anti-Corruption Commission, where complaints would be transferred if outside of the Army’s jurisdiction.

In rolling out this new program, General Nattapol was quoted as saying: “[T]he Army is doing our best…This is not a public stunt.” However, in light of the treatment of one of the first major complaints that was submitted through this channel, this statement could not be further from the truth.

As reported by Human Rights Watch, Sgt. Narongchai Intharakawi filed several complaints with the new hotline just two months after it was created, alleging fraud involving staff allowances at the Army Ordnance Materiel Rebuild Center. However, no action was taken on his complaints. Then, despite the promised confidentiality of the hotline, Sgt. Narongchai Intharakawi began receiving death threats and was informed that he would be facing a disciplinary inquiry for “undermining unity within the army and damaging his unit’s reputation.” This inquiry was nothing but a sham, intended to intimidate Sgt. Narongchai Intharakawi. In fact, a leaked video of the inquiry shows Sgt. Narongchai Intharakawi’s superior directly threatening him for reporting, including by stating: “You may be able to get away this time, but there is no next time for you.”

Because after all of this Sgt. Narongchai Intharakawi reasonably feared for his personal safety, he fled his post and publicized his experience, including by making a report to the Thai Parliament’s Committee on Legal Affairs, Justice, and Human Rights.

Instead of ceasing retaliation due to the new publicity around Sgt. Narongchai Intharakawi’s case, the Army has doubled down: They have requested a military court warrant his arrest him for delinquency in his duties. Under this charge Sgt. Narongchai Intharakawi could face up to seven years in prison as well as a dishonorable discharge.

This abhorrent treatment of a whistleblower will make the Army’s new system completely ineffectual and nothing more than symbolic piece of propaganda, discouraging any future whistleblowers from coming forward for fear they will be treated the same way. In order to make right their grievous actions, the Thai Army must abandon all charges against Sgt. Narongchai Intharakawi, issue a formal apology for the breach of confidentiality, and discipline those accused of participating in the retaliation.

Sgt. Narongchai Intharakawi is a hero for stepping out and trying to report corruption under a new, untested system and should be treated as such both in Thailand and globally.


Copyright Kohn, Kohn & Colapinto, LLP 2020. All Rights Reserved.

North American Securities Administrators Association Proposes Model State Whistleblower Rewards Legislation

The North American Securities Administrators Association (NASAA) announced it released for public comment a proposed model law to help states incentivize individuals to come forward to report suspected wrongful violations of state securities laws and to protect whistleblowers.  According to NASAA President and Chief of the New Jersey Bureau of Securities Christopher W. Gerold, “The intent of this model legislation is to incentivize individuals who have knowledge of potential securities law violations to report it to state regulators in the interest of investor protection . . . [i]nformation from those with knowledge of securities law violations is a valuable enforcement tool to help regulators detect financial fraud and wrongdoing.”

The SEC whistleblower program that Congress created about 10 years ago in the Dodd-Frank Act has proven effective in combatting securities fraud and protecting investors.  Since the inception of the program, the SEC has paid more than $450 million in awards to whistleblowers.  SEC enforcement actions associated with those awards have resulted in sanctions totaling more than $2 billion.  Whistleblower awards can range from 10 percent to 30 percent of the monetary sanctions collected when the sanctions exceed $1 million.

Proposed Model State Securities Whistleblower Rewards Legislation

The proposed state whistleblower rewards legislation is modeled on the Dodd-Frank Act’s SEC whistleblower rewards provisions. Some of the key features include:

  • A whistleblower could obtain 10 to 30% of the monetary sanctions collected in any related administrative or judicial action stemming from original information that the whistleblower voluntarily provides to a state securities regulator.
  • Factors that would determine the award percentage include:
    • the significance of the original information provided by the whistleblower to the success of the administrative or judicial action;
    • the degree of assistance provided by the whistleblower in connection with the administrative or judicial action; and
    • the programmatic interest of the [Securities Administrator] in deterring violations of the securities laws by making awards to whistleblowers who provide original information that leads to the successful enforcement of such laws.
  • Information that could reasonably be expected to reveal the identity of a whistleblower would be exempt from public disclosure.
  • There are approximately 11 categories of whistleblowers that would be ineligible to receive an award, including (1) a whistleblower convicted of a felony in connection with the administrative or judicial action for which the whistleblower otherwise could receive an award; (2) a whistleblower who acquires the original information through the performance of an audit of financial statements required under the securities laws; (3) a whistleblower who knowingly or recklessly makes a false, fictitious, or fraudulent statement or misrepresentation as part of, or in connection with, the original information provided or the administrative or judicial proceeding for which the original information was provided; and (4) a whistleblower who has a legal duty to report the original information.

The model legislation also includes a whistleblower protection provision that would prohibit an employer from terminating, discharging, demoting, suspending, threatening, harassing, directly or indirectly, or in any other manner retaliating against, a whistleblower because of any lawful act done by the whistleblower:

  • in providing information to the [Securities Division] in accordance with this Act;
  • in initiating, testifying in, or assisting in any investigation or administrative or judicial action based upon or related to such information; or
  • in making disclosures that are required or protected under the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7201 et seq.); the Securities Act of 1933 (15 U.S.C. 77a et seq.); the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.); 18 U.S.C. 1513(e); any other law, rule, or regulation subject to the jurisdiction of the Securities and Exchange Commission; or [the Securities Act of this State] or a rule adopted thereunder.

Remedies for a whistleblower prevailing in a retaliation claim include:

  • reinstatement with the same compensation, fringe benefits, and seniority status that the individual would have had, but for the retaliation;
  • two (2) times the amount of back pay otherwise owed to the individual, with interest;
  • compensation for litigation costs, expert witness fees, and reasonable attorneys’ fees;
  • actual damages; or
  • any combination of these remedies.

Role of State Securities Regulators

Although the SEC is the primary securities market regulator and enforces federal securities laws, state securities regulators enforce “blue sky” laws designed to protect investors against fraudulent sales practices and activities that fall outside of the SEC’s jurisdiction, e.g., offerings that are not required to be registered with the SEC.  Most of the state securities laws are based on the Uniform Securities Act, which is intended to prevent the fraudulent sale of securities to investors.

Securities law enforcement at the state level plays a vital role in protecting investors.  According to the NASAA’s 2018 Enforcement Report, in 2017 state securities regulators received 7,988 complaints, took 2,105 enforcement actions, and ordered $486 million returned to investors. Incentivizing whistleblowers to report securities fraud could significantly enhance the ability of state securities regulators to protect investors.

The proposed model act is open for public comment through June 30, 2020.


© 2020 Zuckerman Law

For more on securities laws, see the National Law Review Securities & SEC law section.

How Business Owners Can Watch For Fraud

Fraud can quickly take down a successful business, or at the very least create significant issues for you to deal with. As a business owner, it’s important that you know how to watch for fraudulent activities by your employees. Here are a few tips for approaching the subject in your business:

Be careful who you hire

Preventing fraud begins before you even hire your employees. As you work through the selection process, be sure to investigate your potential hires, especially those who deal with finances. You can use a background check, credit report and social media check to look for any red flags.

Protect your business with anti-fraud policies

You should always have company policies in place that state that fraud is not accepted and that includes specific procedures to help prevent and deal with fraud.

Consistent analysis

Use data analysis to double-check the transactions of your business. This can help catch any errors or possible instances of fraud.

Educate your employees

Though you may have the definition of fraud and your stance against it in your company policies, that doesn’t mean that your employees are aware. Especially for new hires, create fraud education and training for them to complete.

Make it easy for whistleblowers to come forward

Create a company culture that is honest and open. This can help draw employees who are willing to call out fraud when they see it. Create procedures that allow whistleblowers to feel safe coming forward and reporting misconduct.

Watch for red flags

As an employer, it’s important to keep an eye on your employees. You have a unique opportunity to spot red flags like employees that live beyond their means or have significant financial struggles.

Don’t let any suspicious activity slide. Be sure to quickly and thoroughly address anything that you notice that could be indicative of fraud.


© 2020 by Raymond Law Group LLC.

Veterans Affairs Case Offers Clarification on WPA Burden of Proof

In Sistek v. Dep’t of Veterans Affairs, 955 F.3d 948, 954 (Fed. Cir. 2020), the Federal Circuit clarified a federal whistleblower’s burden of proving retaliation when the discrimination he alleges is not specifically identified as a prohibited personnel action in the Whistleblower Protection Act of 1989 (“WPA”), 5 U.S.C. § 2302(b)(8). The WPA protects federal employees who disclose evidence of illegal or improper government activities. Under the WPA, an agency may not take or threaten to take certain personnel actions because of a protected disclosure by an employee.

This blog reviews the elements of a WPA claim, then discusses how Sistek affects these proof requirements when the retaliation consists, in part, of subjecting the employee to an internal investigation.

Background on the Whistleblower Protection Act

To state a claim under WPA, an employee must allege that (1) there was a disclosure or activity protected under the WPA; (2) there was a personnel action authorized for relief under the WPA; and (3) the protected disclosure or activity was a contributing factor to the personnel action. See 5 U.S.C. § 1221(e)(1). If the appellant makes out a prima facie case, the agency is given an opportunity to prove, by clear and convincing evidence, that it would have taken the same personnel action in the absence of the protected disclosure. 5 U.S.C. § 1221(e)(2); see Fellhoelter v. Department of Agriculture, 568 F.3d 965, 970–71 (Fed. Cir. 2009). The WPA is a “remedial statute,” and its terms are to be construed “broadly.” Weed v. Soc. Sec. Admin., 113 M.S.P.R. 221, 227 (2010). See also Fishbein v. Dep’t of Health & Human Servs., 102 M.S.P.R. 4, 8 (2006) (“Because the WPA is remedial legislation, the Board will construe its provisions liberally to embrace all cases fairly within its scope, so as to effectuate the purpose of the Act.”).

A. Protected Disclosures

An employee engages in a protected disclosure when he or she makes a formal or informal communication of information that he or she reasonably believes evidences “any violation of any law, rule, or regulation” or “gross mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health and safety.” 5 U.S.C. § 2302(b)(8)(A). The WPA also protects disclosures that an employee reasonably believes are evidence of censorship related to research, analysis, or technical information that the employee believes is, or will cause, either a “violation of law, rule or regulation” or “gross mismanagement, a gross waste of funds, an abuse of authority, or a substantial and specific danger to public health or safety.” Pub. L. No. 112-199, sec. 110, 126 Stat. 1465 (Nov. 27, 2012). Protected disclosures include those made to a supervisor or to a person who participated in the activity that was the subject of the disclosure, as well as those made “during the normal course of duties of an employee.” Id.; Day v. Dep’t of Homeland Sec., 119 M.S.P.R. 589, 599 (2013).

The WPA defines a “disclosure” very broadly. See 5 U.S.C. § 2302(a)(2)(D) (“‘disclosure’ means a formal or informal communication or transmission”). The relevant inquiry is whether an employee “reasonably believed” that the disclosure evinces a violation of any law, rule, or regulation; gross mismanagement; gross waste of funds; abuse of authority, or; a substantial and specific danger to public health or safety. See, e.g., Miller v. Dep’t of Homeland Sec., 2009 WL 1445346 (M.S.P.B. May 4, 2009) (employee’s criticisms of new policies were protected disclosures under WPA because he reasonably believed that these policy changes would pose a substantial and specific danger to public safety).

B. Personnel Action

Under the Whistleblower Protection Act, a “personnel action” may refer to:

  1. an appointment;

  2. a promotion;
  3. an action under chapter 75 of this title or other disciplinary or corrective action;
  4. a detail, transfer, or reassignment;
  5. a reinstatement;
  6. a restoration;
  7. a reemployment;
  8. a performance evaluation under chapter 43 of this title or under title 38;
  9. a decision concerning pay, benefits, or awards, or concerning education or training if the education or training may reasonably be expected to lead to an appointment, promotion, performance evaluation, or other action described in this subparagraph;
  10. a decision to order psychiatric testing or examination;
  11. the implementation or enforcement of any nondisclosure policy, form, or agreement; and
  12. any other significant change in duties, responsibilities, or working conditions;
  13. 5 USCA § 2302(a)(2)(A). The list is comprehensive, and covers a wide swath of adverse personnel actions.

C. Contributing Factor

Under the “knowledge/timing test,” an individual may demonstrate that a protected disclosure was a contributing factor to a personnel action through circumstantial evidence, such as evidence that the official taking the personnel action knew of the whistleblowing disclosure and took the personnel action within a period of time such that a reasonable person could conclude that the disclosure was a contributing factor in the personnel action. See Atkinson v. Dep’t of State, 107 M.S.P.R. 136, 141 (2007) (citing 5 U.S.C. § 1221(e)(1)).

However, whistleblowing activities may still be a contributing factor in the taking or failure to take a personnel action, even absent evidence that the deciding official had knowledge of the whistleblowing activities. See Dorney v. Dep’t of Army, 117 M.S.P.R. 480, 485–86 (2012). If the deciding official was influenced by one with knowledge of the whistleblowing activities, then such activities may be a contributing factor to personnel actions under the WPA. Id.

Sistek v. Dep’t of Veterans Affairs

A. Facts and Procedural History

Between 2012 and 2014, Leonard Sistek, Jr., then-director at the Department of Veterans Affairs (“VA”), disclosed information to agency staff, one of his supervisors, and the VA’s Office of the Inspector General (“OIG”) about inappropriate financial practice within the VA. Shortly thereafter, his supervisor appointed an Administrative Investigation Board (“AIB”) to investigate unrelated misconduct within the organization. His supervisor formally added Mr. Sistek as a subject of the investigation.

The AIB investigation found that the management team, which included Mr. Sistek, failed to report allegations about an inappropriate sexual relationship between two other staff members, and it recommended that Mr. Sistek receive “an admonishment or reprimand.” Consistent with the recommendation, Mr. Sistek’s supervisor issued a letter of reprimand in August 2014. In January 2015, without explanation, Mr. Sistek’s second-level supervisor rescinded the letter of reprimand and expunged it from Mr. Sistek’s record. In March 2015, the OIG confirmed that the concerns previously raised by Mr. Sistek were justified, and that the VA had violated appropriations law and used funds in unauthorized ways.

Mr. Sistek filed a complaint with the U.S. Office of Special Counsel (“OSC”), alleging whistleblower reprisal. After OSC issued a closure letter, Mr. Sistek filed an individual right of action appeal.

The Administrative Judge (“AJ”), considered whether the investigation and resulting letter of reprimand constituted prohibited personnel actions. The AJ determined that a retaliatory investigation is not a personnel action under the WPA and declined to order corrective action in favor of Mr. Sistek. See Sistek v. Dep’t of Veterans Affairs, 2018 MSPB LEXIS 3010 (M.S.P.B. Aug. 8, 2018). The AJ’s initial decision became the final decision of the MSPB, and Mr. Sistek petitioned the Federal Circuit for review.

B. The Federal Circuit’s Finding of Harmless Error

The Federal Circuit affirmed the Board’s decision. First, it reasoned that the WPA’s list of eleven specific personnel actions does not mention a “retaliatory investigation,” or indeed, “any investigation at all.” Sistek v. Dep’t of Veterans Affairs, 955 F.3d 948, 954 (Fed. Cir. 2020). Second, the court found that the investigation against Mr. Sistek did not significantly alter his job or working conditions, and thus did not fall within the last catchall provision of the WPA’s list of personnel actions. “[I]nvestigations may qualify as personnel actions ‘if they result in a significant change in job duties, responsibilities, or working conditions.’” Sistek, 955 F.3d at 955 (quoting S. Rep. No. 112-155, at 20 (2012)). The court elaborated that in certain circumstances, “an investigation alone could constitute a significant change in working condition,” or “a retaliatory investigation could contribute toward the creation of a hostile work environment that is actionable as a significant change in working conditions.” Id. In such circumstances, a retaliatory investigation would be a qualifying personnel action under the WPA. The Sistek Court held, however, that the investigation did not establish a significant change in working conditions because Mr. Sistek was interviewed once, did not offer evidence of a hostile work environment, and the resulting letter of reprimand was later rescinded and expunged. See id. at 956.

Third, the court considered Mr. Sistek’s effort to bring his claim within the rationale of controlling precedent on retaliatory investigations. See Russell v. Dep’t of Justice, 76 M.S.P.R. 317 (1997). In Russell, a whistleblower disclosed misconduct by two of his superiors, after which, one of the superiors initiated an investigation of the whistleblower’s conduct, resulting in disciplinary charges against the whistleblower and the whistleblower’s demotion. Id. at 321. The Board held that the agency investigation was evidence of prohibited retaliation because the investigation was “so closely related to the personnel action that it could have been a pretext for gathering evidence to retaliate, and the agency [did] not show by clear and convincing evidence that the evidence would have been gathered absent the protected disclosure.” Id. at 324. “That the investigation itself is conducted in a fair and impartial manner, or that certain acts of misconduct are discovered during the investigation, does not relieve an agency of its obligation to demonstrate by clear and convincing evidence that it would have taken the same personnel action in the absence of the protected disclosure.” Id. (citing 5 U.S.C. § 1221(e)(2)). In other words, if an agency investigation leads to an adverse personnel action, that investigation—coupled with the ensuing personnel action—is prohibited retaliation, unless the agency can demonstrate that it would have commenced the same investigation and taken the same personnel action absent the protected disclosure. “To here hold otherwise would sanction the use of a purely retaliatory tool, selective investigations.” Id. at 325.

The Sistek court acknowledged that Russell is “the Board’s foundational decision in this area,” and that the drafters of the Whistleblower Protection Enhancement Act (“WPEA”), Pub. L. No. 112-199, 126 Stat. 1465 (2012), intended that Russell would remain “governing law.” Sistek, 955 F.3d at 955. Applying Russell, the Sistek court found that the Board erred by failing to consider Mr. Sistek’s allegedly retaliatory investigation as part of its evaluation of the letter of reprimand. See id. at 957. Applying Russell, the VA’s investigation into Mr. Sistek was “so closely related” to the letter of reprimand “that it could have been a pretext for gathering evidence to retaliate.” Russell, 76 M.S.P.R. at 324. By “fail[ing] to apply Russell in evaluating the letter of reprimand,” the Board committed error. Sistek, 955 F.3d at 957.

Regardless, the Sistek Court held that the Board’s error was harmless. Id. The Court distinguished the present facts from the facts of Russell “because here there is no evidence that the official who initiated the allegedly retaliatory investigation had knowledge of any protected disclosures.” Id. The Court held that the supervisor who initiated the investigation lacked both actual and constructive knowledge of Mr. Sistek’s protected disclosures, and further, Mr. Sistek did not allege such knowledge. By failing to allege knowledge, Mr. Sistek could not demonstrate that his protected disclosure was a contributing factor to the alleged personnel action. In other words, even if the investigation and letter of reprimand were an adverse action, the WPA claim would have nonetheless failed because Mr. Sistek did not present sufficient evidence that his whistleblowing was a contributing factor in his adverse action.

Significance of Sistek

Sistek reaffirmed the holding of Russell, that a retaliatory investigation may be a prohibited personnel action if it leads to a significant change in job duties, responsibilities or working conditions; if it creates a hostile working environment, or; if it is “closely related” to a personnel action under the WPA. If Mr. Sistek had demonstrated facts to meet the knowledge/timing causation test, then the Court would have remanded the case to the Board to consider whether the investigation and letter together were qualifying personnel actions. And Russell would mandate that the answer is yes.

Further, if an employee can demonstrate that an investigation was undertaken in retaliation for a protected disclosure, the WPA provides that the Board may order corrective action that includes “fees, costs, or damages reasonably incurred due to an agency investigation” that is “commenced, expanded, or extended in retaliation” for a protected disclosure or activity—i.e., a retaliatory investigation. 5 U.S.C. §§ 1214(h), 1221(g)(4).

“So long as a protected disclosure is a contributing factor to the contested personnel action, and the agency cannot prove its affirmative defense, no harm can come to the whistleblower.” Marano v. Dep’t of Justice, 2 F.3d 1137, 1142 (Fed. Cir. 1993). The WPA thus continues to protect federal whistleblowers from retaliatory investigations, and Sistek merely provides a cautionary note about establishing the causation element of such a claim.


© Katz, Marshall & Banks, LLP
For more on whistleblower protections, see the National Law Review Criminal Law & Business Crimes section.

Court Rules That Whistleblower Must Face Trial On Former Employer’s Claims

Life is not necessarily all skittles and beer for whistleblowers.  Sometimes, they are sued by the very companies on which they blew the whistle.  Such is the case in the ongoing case of Erhart v. Bofi Holding, Inc., 2020 U.S. Dist. LEXIS 57137.  Judge Cynthia Bashant limns the background facts as follows:

“Charles Erhart was an internal auditor for BofI Federal Bank. After Erhart discovered conduct he believed to be wrongful, he reported it to BofI’s principal regulator. BofI responded by allegedly defaming and terminating him. Erhart then filed this lawsuit for whistleblower retaliation under state and federal law. The next morning, The New York Times published an article summarizing the lawsuit’s allegations—causing BofI’s stock price to plummet. The Bank quickly commenced a countersuit against Erhart claiming he committed fraud, breached his duty of loyalty, and violated state and federal anti-hacking statutes. The Court consolidated BofI’s countersuit with Erhart’s whistleblower-retaliation action.”

In the cited decision, Judge Bashant grants in parts and denies in part Erhart’s and Bofi’s motions for summary adjudication.  The ruling is lengthy and tackles a variety of issues, some of which I hope to address in future posts.  Nonetheless, a key point for whistleblowers is that Judge Bashant is allowing Bofi’s claims against Erhart to proceed to trial, albeit on a limited basis.

When “Whistleblower” First Became Figurative

Recently, I endeavored to identify the first figurative use of the term “whistleblower” in a reported California opinion.  I was surprised that earliest case dates to the presidency of Ronald Reagan.  Interestingly, the Court addresses the very tension at the heart of Erhart:

“There is a great public interest in the truthful revelation of wrongdoing, and in protecting the ‘whistleblower’ from retaliation; there is very little public interest in protecting the source of false accusations of wrongdoing.”

Mitchell v. Superior Court, 37 Cal. 3d 268, 283, 690 P.2d 625, 634, 208 Cal. Rptr. 152, 161 (1984).  Many cases dating back to the mid 19th Century mention the blowing of whistles, but the references are to actual, not figurative, whistles.


© 2010-2020 Allen Matkins Leck Gamble Mallory & Natsis LLP

For more on whistleblowers, see the National Law Review Litigation & Trial Practice Section.

Bipartisan Group of Senators Asks Trump to Explain Reasoning for Firing IC Watchdog

Yesterday, Senator Charles Grassley (R-IA) and a bipartisan group of senators sent a letter to President Trump asking for more details regarding the firing of Intelligence Community Inspector General (IC IG) Michael Atkinson. Atkinson was responsible for alerting Congress to the whistleblower complaint that led to Trump’s impeachment.

Grassley, who serves as chairman of the Senate Whistleblower Protection Caucus, argued that Trump provided insignificant reasons for firing the government watchdog.

“Congressional intent is clear that an expression of lost confidence, without further explanation, is not sufficient to fulfill the requirements of the statute. This is in large part because Congress intended that inspectors general only be removed when there is clear evidence of wrongdoing or failure to perform the duties of the office, and not for reasons unrelated to their performance, to help preserve IG independence.”

Trump announced the termination of Atkinson on Friday, citing a lack of “confidence in the appointees serving as inspectors general.” In remarks the following day, Trump defended the decision stating, Atkinson “did a terrible job, absolutely terrible.” He also said Atkinson “took a fake report and gave it to Congress.”

The Senators stressed that “all inspectors general (IG) are designed to fulfill a dual role, reporting to both the President and Congress, to secure efficient, robust, and independent agency oversight.”

The Senators allege that the administration by-passed Congress’s “opportunity for an appropriate dialogue” “by placing the IG on 30 days of administrative leave and naming an acting replacement.”

The Senators ask that President Trump provide a detailed explanation of the removal of Inspector General Atkinson no later than April 13, 2020. And to also explain appointing an acting official before the end of the 30-day notice period comports with statutory requirements.

The day after his termination was made public, Atkinson described how he “faithfully discharged” his duties as “an independent and impartial Inspector General” in a statement encouraging other government whistleblowers to speak up.

Seven other senators signed the letter.

Read the Senator’s letter to President Trump.


Copyright Kohn, Kohn & Colapinto, LLP 2020. All Rights Reserved.

Ben Kostyack also contributed to this article.

Cybersecurity Whistleblower Protections for Employees of Federal Contractors and Grantees

For information security professionals, identifying cybersecurity vulnerabilities is often part of the job.  That is no less the case when the job involves a contract or grant with the U.S. government.

Information security and data privacy requirements have become a priority at federal agencies.  These requirements extend to federal contractors because of their access to government data.  Often, cybersecurity professionals are the first to identify non-compliance with these requirements.  As high-profile data breaches have become more common, those who report violations of cybersecurity and data privacy requirements often experience retaliation and seek legal protection.

Reporting non-compliance or misconduct in the workplace can be necessary, but it can also be daunting.  It is important for cybersecurity whistleblowers to know their legal rights when disclosing such concerns to management or a federal agency.

In many cases, federal law protects cybersecurity whistleblowers who work for federal contractors or grantees.  This post provides an overview of those protections.

What cybersecurity requirements apply to federal contractors?

Federal contractors are subject to data privacy and information security requirements.

The Federal Information Security Management Act (“FISMA”) creates information security requirements for federal agencies to minimize risk to the U.S. government’s data.  FISMA also applies these requirements to state agencies administering federal programs and private business contracting with the federal government.  Federal acquisition regulations codify the cybersecurity and data privacy requirements applicable to federal contractors.  E.g., 48 C.F.R. §§ 252.204-7008, 7012 (providing for cybersecurity standards in contracts with the U.S. Department of Defense); 48 C.F.R. § 52.204-21 (outlining basic procedures for contractors to safeguard information processed, stored, or transmitted under a federal contract).  

Pursuant to the FISMA Implementation Project, the National Institute of Standards and Technology (“NIST”) produces security standards and guidelines to ensure compliance with FISMA.  Key principles of FISMA compliance include a systemic approach to the data that results in baseline controls, a risk assessment procedure to refine controls, and implementation of controls.  A security plan must document the controls.  Those managing the information must also assess the controls’ effectiveness.  NIST also focuses its standards on determining enterprise risk, information system authorization, and ongoing monitoring of security controls.

Essential standards established by NIST include FIPS 199, FIPS 200, and the NIST 800 series.  Core FISMA requirements include:

  • Federal contractors must keep an inventory of all of an organization’s information systems.
  • Contractors must identify the integration between information systems and other systems in the network.
  • Contractors must categorize information and information systems according to risk. This prioritizes security for the most sensitive information and systems.  See “Standards for Security Categorization of Federal Information and Information Systems” FIPS 199.
  • Contractors must have a current information security plan that covers controls, cybersecurity policies, and planned improvements.
  • Contractors must consider an organization’s particular needs and systems and then identify, implement, and document adequate information security controls. See NIST SP 800-53 (identifying suggested cybersecurity controls).
  • Contractors must assess information security risks. See NIST SP 800-30 (recommending that an organization assess risks at the organizational level, the business process level, and the information system level).
  • Contractors must conduct annual reviews to ensure that information security risks are minimal.

In addition to generally-applicable standards, individual contracts may create other cybersecurity or data privacy requirements for a government contractor.  Such requirements are prevalent when the contractor provides information security products or services for the government.

What protections exist for cybersecurity whistleblowers who work for federal contractors?

Federal law contains whistleblower protection provisions that may prohibit employers from retaliating against whistleblowers who report cybersecurity or data privacy concerns.  See Defense Contractor Whistleblower Protection Act, 10 U.S.C. § 2409; False Claims Act, 31 U.S.C. § 3730(h); NDAA Whistleblower Protection Law, 41 U.S.C. § 4712.  These laws protect a broad range of conduct.

Protected conduct under these laws includes:

  • Efforts to stop false claims to the government;
  • Lawful acts in furtherance of an action alleging false claims to the government; and
  • Disclosures of gross mismanagement, gross waste, abuse of authority, or a violation of law, rule, or regulation related to a federal contract or grant. Id.

These provisions have wide coverage.  They protect any employee of any private sector employer that is a contractor or grantee of the federal government.  In some cases, even the employer’s contractors and agents are protected.

An employer’s non-compliance with information security requirements could breach the employer’s contractual obligations to the federal government and violate federal law and regulation.  Thus, whistleblowers who report cybersecurity or data privacy concerns related to a federal contract or grant may be protected from employment retaliation.

What is the burden to establish unlawful retaliation for reporting cybersecurity concerns?

Exact requirements vary, but an employee typically establishes unlawful retaliation by proving that (1) the employee engaged in conduct that is protected by statute, and (2) the protected conduct to some degree caused a negative employment action.  See, e.g., 10 U.S.C. § 2409(c)(6) (incorporating burden of proof from 5 U.S.C. § 1221(e)); 41 U.S.C. § 4712(c)(6) (same); 31 U.S.C. § 3730(h)(1).  

Under some of the applicable protections, an employee need prove only that the protected conduct played any role whatsoever in the employer’s decision to take the challenged employment action.  See 10 U.S.C. § 2409; 41 U.S.C. § 4712.

What damages or remedies can a cybersecurity whistleblower recover for retaliation?

The relief available depends on which laws apply to the particular case.  Remedies may include an amount equal to double an employee’s lost wages, as well as reinstatement or front pay.  In some cases, a whistleblower may also recover uncapped compensatory damages for harms like emotional distress and reputational damage.  Additionally, a prevailing plaintiff can recover reasonable attorneys’ fees and costs.

Recently, a jury awarded a defense contractor whistleblower $1 million in compensatory damages.  The whistleblower proved that the employer more than likely retaliated by demoting him after he reported issues with tests related to a federal contract, according to the jury.  Specifically, the whistleblower alleged he reported and opposed management’s directive to misrepresent the completion status of testing procedures.

In a recent case under the False Claims Act, a whistleblower received more than $2.5 million for retaliation she suffered after internally reporting off-label promotion for a drug outside its FDA-approved use.  The False Claims Act protects employees from retaliation who blow the whistle on fraud against the government, including those who blow the whistle internally to a government contractor or grantee.

Do any court cases address whether cybersecurity whistleblowers are protected?

Yes.  Judges and juries have applied these laws to protect cybersecurity whistleblowers.

For example, in United States ex rel. Glenn v. Cisco Systems, Inc., defendant Cisco Systems settled for $8.6 million in what is likely the first successful cybersecurity case brought under the False Claims Act.  The plaintiff/relator James Glenn worked for Cisco and internally reported serious cybersecurity deficiencies in a video surveillance system, soon after which he was fired.  Cisco had sold the surveillance systems to various federal government entities, including the Department of Homeland Security, FEMA, the Secret Service, NASA, and all branches of the military.  After monitoring Cisco’s public pronouncements regarding the system and confirming the company had not solved the problems or reported vulnerabilities to customers, Glenn contacted the FBI.  Multiple states joined in the complaint and brought claims under state laws.

While the case did not proceed to litigation, Glenn received nearly $2 million of the settlement, and the federal government’s attention to the issue proves that cybersecurity and data privacy are of utmost importance.

Surely, as more of our lives and businesses move online, the government will place increased importance on contractors and grantees following data security and privacy requirements and disclosing known vulnerabilities.  Cybersecurity whistleblowers working for government contractors play an important part in revealing these vulnerabilities and keeping the federal government secure.  Still, these whistleblowers may experience retaliation after blowing the whistle internally at their place of work.

How can employees enforce these protections from retaliation?

Employees generally have the right to bring claims of unlawful retaliation for cybersecurity or data privacy whistleblowing in federal court.  However, some claims limit that right to whistleblowers who first exhaust all their administrative remedies.  For example, in some cases whistleblowers will first need to pursue relief from the Office of Inspector General of the relevant federal agency.  Additionally, cybersecurity whistleblower claims are subject to strict deadlines.  See, e.g., 31 U.S. Code § 3730; 10 U.S.C. § 2409; 41 U.S.C. § 4712.


© 2020 Zuckerman Law

SEC Investigating Cyberattacks Used to Find Secret Company Mergers

SEC Investigating Cyberattacks and Insider Trading

According to Reuters, the Securities and Exchange Commission (SEC) is investigating hacks of email accounts of associates and executives that reveal information on potential mergers. The hackers use a technique known as phishing where they craft emails that trick recipients into logging into malicious websites to steal their email logins. These hacks pose a threat because fraudsters can easily use the information to engage in insider trading.

The group, known as FIN4, allegedly targeted a list of 60 companies in biotechnology, medical instruments, hospital equipment, and drugs. Fireeye reported these cyberattacks in February 2014 and found that they were performed to “obtain an edge on the stock trading.” This will continue to be a problem as more businesses move over to cloud computing, which could lead to a significant increase in data breaches.

The SEC’s Office of Compliance Inspections and Examinations released a report on observations relating to cybersecurity and best practices by financial market participants. The observations are offered as guidelines for firms considering how to improve their cybersecurity preparedness and response procedures. The intent is to highlight specific examples of cybersecurity and operational resiliency practices and controls that firms are taking to safeguard against threats, and how they respond in the event of a breach. The SEC “encourages organizations to review their practices, policies, and procedures with respect to cybersecurity and operational resiliency.” Cybersecurity and Resiliency Observations report.

New Technology & Whistleblower Tips Root Out Insider Trading

The SEC relies on technological developments to accomplish its enforcement goals, including identifying and pursuing insider trading cases. In FY 2018, the SEC implemented a Consolidated Audit Trail, intended to enhance, centralize, and update the regulatory data infrastructure available to market regulators. Once fully implemented, the Consolidated Audit Trail will give regulators quicker access to all trade and order data, facilitating the detection of illegal trading practices, such as insider trading.

In addition to technology, the SEC has increasingly relied on whistleblower tips to identify and halt insider trading. Whistleblowers have been instrumental to expose fraud and expose insider trading secrets.

SEC Rewards Whistleblowers for Exposing Insider Trading 

Under the SEC Whistleblower Program, whistleblower are eligible to receive a reward if their original information about insider trading leads to a successful enforcement action with total monetary sanctions of more than $1 million. A whistleblower may receive an award of between 10 to 30 percent of the total monetary sanctions collected. If represented by counsel, a whistleblower may submit a tip anonymously to the SEC.


© 2020 Zuckerman Law

For more on SEC Insider Trading enforcement, see the National Law Review Criminal Law and Business Crimes section.