A False Claims Act FY 2025 Year in Review

The False Claims Act (FCA) is the government’s principal weapon against fraud. It is a broad and flexible statute that was intended to “reach all types of fraud, without qualification, which might result in financial loss to the Government.”¹ Because of its breadth, it can be used in myriad ways—some traditional and others novel. With fiscal year 2025 ending last week, we look back to see how FCA enforcement is evolving to reflect the priorities of the new Trump Administration.

Health Care

FCA enforcement has traditionally focused on the health care and life sciences industries, with annual recoveries routinely exceeding $1 billion. That trend continued during FY 2025 with a number of high-dollar settlements, including two under the Medicare Advantage program, which remains an area of focus. Specifically, in December 2024, a Medicare Advantage provider agreed to pay $98 million to resolve allegations that it violated the FCA by submitting invalid diagnosis codes to inflate the “risk scores” of its patient population. Then, in March 2025, a company, its subsidiary, and its majority owner paid $62 million to settle FCA claims relating to billing for spinal conditions under the Medicare Advantage program.

DOJ has also focused on kickbacks. In January 2025, a pharmaceutical company agreed to pay nearly $60 million to resolve allegations that a subsidiary had paid kickbacks in exchange for prescriptions and caused these prescriptions to be submitted to federal health care programs. In September, the DOJ announced that a laboratory CEO, marketers, and physicians agreed to pay $6 million to settle claims of kickbacks.

The DOJ has also continued enforcement efforts arising out of the opioid epidemic. Most notably, in April 2025, the DOJ announced a $350 million settlement with a national pharmacy chain to resolve allegations that the chain illegally filled invalid prescriptions for opioids and then, in violation of the FCA, billed federal health care programs.

The DOJ has also filed several notable complaints alleging that health care companies violated the FCA. In April 2025, the DOJ filed a complaint alleging that a wound care company and its majority owner submitted false claims to Medicare. In May 2025, the DOJ announced it had filed an FCA complaint against “three of the nation’s largest health insurance companies” and “three large insurance broker organizations.” The complaint alleged that from 2016 through at least 2021, the insurers paid hundreds of millions of dollars in illegal kickbacks to the brokers in exchange for enrollments into the insurers’ Medicare Advantage plans. The lawsuit was originally filed as a qui tam lawsuit. In September, the DOJ intervened in a case against nursing homes. Also in September 2025, the DOJ announced that it filed a complaint against a California Local Initiative Health Plan.

The Administration is also evolving its use of the FCA in the health care space. In April 2025, the Attorney General issued a memorandum that announced that she was directing the DOJ Civil Division’s Fraud Section to investigate “false claims submitted to federal health care programs for any noncovered services related to radical gender experimentation.” She included examples such as “physicians prescribing puberty blockers to a child for an illegitimate reason (e.g., gender dysphoria) but reporting a legitimate purpose (i.e., early onset puberty) to the Centers for Medicare & Medicaid Services, and hospitals performing surgical procedures to remove or modify a child’s sex organs while billing Medicaid for an entirely different procedure.” The Attorney General also specifically noted that the DOJ was “eager to work with qui tam whistleblowers with knowledge of any such violations.”

The Administration fleshed out its healthcare enforcement priorities further in summer 2025 with two announcements. First, in June, as part of the announcement for the National Health Care Fraud Takedown, the DOJ reported that they were partnering with other agencies to “bring together experts from the Department’s Criminal Division, Fraud Section, Health Care Fraud Unit Data Analytics Team; HHS-OIG; FBI; and other agencies to leverage cloud computing, artificial intelligence, and advanced analytics to identify emerging health care fraud schemes.” And, in July, the DOJ and the Department of Health and Human Services (HHS) announced that they were relaunching the DOJ-HHS False Claims Act Working Group. The working group will focus on some areas that, according to the current Deputy Assistant Attorney General, “will surprise no one,” such as Medicare Advantage and kickbacks. It will also focus on some areas that she described as “overlooked,” including violations of network adequacy requirements. The working group will also focus on materially defective medical devices that impact patient safety as well as manipulation of electronic health records systems to drive inappropriate utilization of Medicare covered products and services. The working group will use data that HHS obtains as a regulator to identify potential cases. Additionally, the working group will discuss whether the DOJ should dismiss qui tam complaints consistent with Justice Manual Section 4-4.111. This may indicate that the DOJ may be more aggressive in dismissing qui tam cases that it perceives to be meritless.

The past year’s enforcement pattern suggests that health care and life sciences companies will remain frequent targets for FCA suits. Doctors and hospitals—particularly those that provide care modalities that the Administration disfavors—are also likely to face enhanced scrutiny.

Government Contracts & Cybersecurity

Government contractors have also long been targets for FCA enforcement—and that continued in FY 2025. The past year saw settlements in scenarios where a government contractor allegedly misrepresented its eligibility for small business set-aside contracts, mischarged for labor services provided under the General Services Administration’s Multiple Award Schedule program, engaged in bid-rigging under Department of Defense (DOD) contracts, and improperly used confidential government and competitor information to influence contract awards.

The DOJ is continuing the prior administration’s focus on compliance with cybersecurity requirements. In October 2021, the DOJ announced that it had formed a Civil Cyber-Fraud Initiative to enforce cybersecurity standards required of federal contractors and grant recipients. Since then, the DOJ and other agencies have actively pursued and settled cases against government contractors for failing to comply with cybersecurity requirements in government contracts and grants. During the Biden Administration, the DOJ had reached two settlements with companies totaling $10.25 million.

Although no longer branded as part of the Biden-era initiative, settlements of similar FCA cases have continued. In March 2025, the DOJ announced that it reached a $4.6 million settlement with a government contractor to resolve allegations that the contractor violated the FCA by failing to comply with cybersecurity requirements in its contracts with the Departments of the Army and Air Force. As part of the settlement, the contractor admitted that it used a third party to host its emails without requiring and ensuring that the third party met security requirements, did not implement all cybersecurity controls in National Institute of Standards and Technology Special Publication 800-171 (which is a requirement of DFARS § 252.204-7012), did not have a consolidated written plan for each of its covered information systems, and did not update its Supplier Performance Risk System score after receiving a lower score through a third-party assessment. In May 2025, the DOJ announced that a defense contractor agreed to pay $8.4 million over allegations the company “failed to implement required cybersecurity controls on an internal development system that was used to perform unclassified work on certain DOD contracts.” In July 2025, the DOJ announced a $1.75 million settlement with a defense contractor and private equity company for allegedly failing to meet the requirements of NIST (SP) 800-171 and sharing sensitive defense information with an Egyptian subcontractor. Of note, the DOJ stated in the press release that the contractor “provided the government with multiple written self-disclosures, cooperated with the government’s investigation of the issues, and took prompt remedial action,” which the DOJ deemed “significant steps entitling them to credit for cooperating with the government.”

Also in July 2025, the DOJ announced another cyber settlement involving a medical device company, which agreed to pay $9.8 million to resolve FCA allegations that it sold to multiple federal agencies genomic sequencing systems with software containing cybersecurity vulnerabilities. The DOJ focused on alleged misrepresentations that the company complied with cybersecurity standards; it did not allege that any vulnerabilities led to an actual breach, however. Instead, the DOJ relied on the company’s alleged failure to comply with cybersecurity standards and address known product security gaps.

Another emerging area of FCA enforcement relates to employment verification practices of government contractors under FAR 52.222-54, Employment Eligibility Verification. In 2025, the DOJ announced two settlements with shipbuilders to settle allegations that the companies billed the government for labor performed by workers not eligible to work in the United States. Specifically, in January 2025, the Biden Administration announced a $1 million settlement with a shipbuilder for allegedly knowingly billing the Coast Guard for labor performed by ineligible employees. And in September 2025, the DOJ announced a $4 million settlement to settle allegations that a New Jersey shipbuilder’s subcontractors had improperly employed unauthorized employees to work on military ships.

Going forward, the DOJ will continue to make government contracts a focus area for FCA enforcement, including common FCA scenarios involving misrepresentation of small business size status and mischarging of costs. Cybersecurity compliance remains a clear DOJ priority and is likely to be the subject of even greater scrutiny as DOD begins implementing the Cybersecurity Maturity Model Certification (CMMC) program this year, which will require some contractors to attest to their satisfaction of NIST (SP) 800-171’s requirements. Finally, the DOJ continues to encourage self-disclosure of FCA violations by government contractors and cooperation with government investigations, which can be rewarded with lower settlement amounts.

Paycheck Protection Program

In 2022, Congress extended the statute of limitations to bring Paycheck Protection Program (PPP) and COVID-19 Economic Injury Disaster Loan cases to 10 years. Consequently, the DOJ and Small Business Administration continue to bring many COVID-19 relief-related cases. In June 2025, the DOJ announced that three affiliated companies who were allegedly too large to qualify for PPP loans and forgiveness settled cases for $13 million, with $2.34 million going to the relator. In July 2025, the DOJ announced that a foreign-owned company will pay $2.8 million to settle allegations of PPP fraud under the FCA. A month later, in August 2025, the DOJ announced a much larger settlement—$21.6 million—with three foreign-owned companies. The three foreign-owned companies allegedly falsely certified that they were eligible for PPP loans. Given the extended statute of limitations, we expect to see a steady stream of COVID-era fraud claims in the years to come.

Trade

The FCA has for decades prohibited efforts to evade customs duties, but the DOJ has not enforced the FCA aggressively in this area. That changed in FY 2025. In February 2025, at the keynote address to the Federal Bar Association’s annual qui tam conference, the Deputy Assistant Attorney General said, “You can expect the [DOJ] to continue to use the False Claims Act to enforce these trade laws” and described “aggressive” enforcement efforts. Subsequently, the DOJ announced a series of civil settlements “to resolve allegations of improperly evaded customs duties across a wide range of products, including multi-layered wood flooring, plastic resin, extruded aluminum products, and quartz surface products.”

The Administration continued to signal its commitment to enforce trade fraud through the DOJ’s August 2025 launch of a cross-agency “Trade Fraud Task Force” with the Department of Homeland Security. According to the announcement, the task force will “aggressively pursue enforcement actions against any parties who seek to evade tariffs and other duties, as well as smugglers who seek to import prohibited goods into the American economy.” Notably, the announcement also invited “whistleblowers to utilize the qui tam provisions of the False Claims Act to alert the government to credible allegations of fraud.” 

The Courts got involved as well. The Ninth Circuit recently validated the use of the FCA to enforce customs fraud when it affirmed a nearly $30 million judgment in a qui tam case brought by a domestic manufacturer. The ruling rejected the importer’s claim that the customs laws provided an exclusive remedy for addressing fraud in import transactions.

Given all of this, we expect a substantial uptick in FCA cases and settlements predicated on allegations that importers avoided duties by misrepresenting a product’s country of origin, undervaluing imported products, misrepresenting the harmonized tariff schedule code, or falsely claiming that products were not subject to applicable antidumping duties.

Civil Rights

In May 2025, the DOJ announced the Civil Rights Fraud Initiative, another new area of enforcement. According to the memorandum from the Deputy Attorney General, the FCA is “implicated when a federal contractor or recipient of federal funds knowingly violates civil rights laws” and “falsely certifies compliance with such laws.” The Deputy Attorney General wrote, “a university that accepts federal funds could violate the False Claims Act when it encourages antisemitism, refuses to protect Jewish students, allows men to intrude into women’s bathrooms, or requires women to compete against men in athletic competitions.” He also wrote that certifications of compliance by federal-funding recipients and contractors with diversity, equity, and inclusion (DEI) programs may also implicate the FCA. According to the memorandum, the initiative is to be co-led by the Civil Division’s Fraud Section and the Civil Rights Section, with separate United States Attorney’s Offices to each identify an Assistant United States Attorney to advance these efforts. The memorandum specifically noted that the DOJ “alone cannot identify every instance of civil rights fraud” and that the DOJ “strongly encourages” private parties to file lawsuits and litigate claims under the FCA—and that “anyone with knowledge of discrimination” by recipients of federal funding should report that information to federal authorities.

Soon after, the DOJ and the US Equal Employment Opportunity Commission issued guidance on “unlawful DEI-related discrimination.” The Guidance is the most tangible guidance released to date on what the administration views as “illegal DEI” and a likely roadmap for the DOJ’s FCA investigations under the Civil Rights Fraud Initiative. The Guidance provides a far more expansive view of “unlawful” discrimination and segregation under this Administration, covering not only explicit actions based on protected characteristics but also appearing to target practices such as considering “lived experiences,” geographic targeting, and overcoming hardship or “obstacles” as proxies for unlawful discrimination.

Should the DOJ launch an investigation of a particular practice, subjects should anticipate a full examination of their activities for compliance with the Guidance, including employment, contracting, corporate social responsibility, and other charity or community programs. We can also expect a significant amount of litigation around the DOJ investigation and enforcement efforts based on this Guidance, including interpretation and application of the guidance itself, to resolve whether the Guidance is consistent with recent Supreme Court decisions and other precedent.

Whether—and to what extent—these sorts of certifications will be enforced by courts under the FCA remains an open question. The provisions of the FCA require the government to show that a contractor or grant recipient had actual knowledge or a substantial reason to believe that a false statement was made (e.g., that their programs violated federal antidiscrimination law despite a certification of compliance). Even if a certified contractor is eventually found to have a noncompliant DEI program, the FCA provides that there will not be liability if the contractor’s certification was predicated on a good-faith belief that its program was lawful. Consulting with experienced counsel before making these certifications is a best practice.

Conclusion

FY 2025 showed that the DOJ is committed to enforcing the FCA to deter fraud in traditional contexts, including by investigating and litigating claims against companies in the healthcare, life sciences, and government contracting industries. But the results also reveal the Trump Administration’s willingness to attempt to expand FCA enforcement to new areas, including trade, civil rights, and immigration. Given these evolving priorities, companies that interface with or are regulated by the federal government—which is to say virtually all companies—should re-examine their compliance program, consider conducting targeted auditing, and otherwise prepare for a new enforcement environment.

¹ United States v. Neifert-White Co., 390 U.S. 228, 232 (1968).