The US Department of Justice (DOJ) reported a record year for False Claims Act (FCA) enforcement in fiscal year 2025, with more than $6.8 billion in settlements and judgments — the largest annual total in the history of the statute. The DOJ also reported a record 1,297 qui tam actions filed by whistleblowers and 401 investigations opened by the government during the year.
The 2025 results confirm that the FCA remains one of the government’s most significant civil enforcement tools, particularly in matters involving federal health care programs, government contracts and grants, cybersecurity obligations, and, increasingly, customs and trade issues. Those results also offer an important preview of likely enforcement priorities in 2026, alongside newer uses of the False Claims Act.
Key Enforcement Themes in FY 2025
Health Care Continues to Drive FCA Recoveries
As in prior years, health care matters accounted for the majority of FCA recoveries, representing more than $5.7 billion of the total amount recovered in FY 2025. The DOJ highlighted several recurring areas of focus, including:
- Managed care, particularly allegations involving unsupported diagnosis codes and retrospective chart reviews used to add improper diagnoses;
- Prescription drugs, including drug pricing, illegal kickbacks, copay assistance arrangements, speaker programs, and dispensing practices; and
- Medically unnecessary services and substandard care, including inappropriate inpatient admissions, unnecessary wound care, infection control deficiencies, inadequate staffing, and poor quality of care in residential settings.
These categories reflect DOJ’s continued scrutiny of coding, reimbursement, and quality-of-care issues across the health care sector.
Procurement, Loan, and Grant Fraud Remain Active Priorities
The DOJ also continued to pursue FCA cases involving government procurement and pandemic-related relief programs. Notable cases throughout FY 2025 cover a range of allegations, including:
- billing Medicare for COVID-19 tests that were not provided,
- billing higher-reimbursement codes for services performed at COVID-19 testing sites,
- false statements in PPP and EIDL loan applications,
- use of confidential procurement information to influence contract awards, and
- failure to disclose accurate cost and pricing data in government contract proposals.
These cases demonstrate that the DOJ remains focused on not only traditional procurement fraud but also alleged misuse of pandemic-era funding and reimbursement programs. In 2025, the DOJ obtained more than 200 settlements and judgments resolving allegations of pandemic-related fraud, recovering more than $230 million.
Cybersecurity Enforcement Continues to Expand
The DOJ’s Civil Cyber-Fraud Initiative continues to generate meaningful enforcement activity. The DOJ recovered more than $52 million in cybersecurity-related FCA settlements in 2025.
The government’s recent settlements have focused on allegations that contractors and grant recipients:
- failed to implement required cybersecurity safeguards,
- falsely certified compliance with contractual cybersecurity standards,
- submitted inaccurate cybersecurity assessment information, or
- failed to timely identify and remediate known vulnerabilities.
For companies that contract with the federal government or participate in federally funded programs (such as through a federally funded state contract), cybersecurity compliance remains an important and growing FCA risk area, particularly where the company makes representations to the government regarding controls, testing, or incident response.
Customs and Trade Enforcement Is a Developing FCA Risk
One of the clearest emerging themes from 2025 is the DOJ’s increased focus on customs and trade fraud. This is reflected in the DOJ’s creation of a Market, Government, and Consumer Fraud Unit within the Criminal Division’s Fraud Section as well as a Trade Fraud Task Force that facilitates increased coordination among the DOJ, U.S. Customs and Border Protection, and the Department of Homeland Security.
The DOJ appears particularly focused on:
- country-of-origin errors,
- tariff misclassification,
- under- or mis-valuation of imported goods,
- forced labor and UFLPA-related issues, and
- creative workarounds designed to reduce duties, such as unbundling costs or services and seeking alternative HTS codes.
Given heightened tariff exposure, increased availability of import data, and express government interest in whistleblower referrals in this area, importers should expect customs-related FCA risk to remain elevated in 2026.
DOJ Continues to Evaluate FCA Theories in the Diversity, Equity, and Inclusion (DEI) Context
2025 enforcement activity also demonstrated the DOJ’s growing use of the FCA to investigate federal fund recipients’ DEI practices as alleged violations of federal civil rights laws. Recent remarks by DOJ officials suggest that the focus is not on the existence of DEI programs themselves but rather on whether contractors engage in conduct that could be characterized as unlawful race- or sex-based discrimination in hiring, promotion, compensation, or training opportunities.
Although this remains an evolving area, companies with federal contracts should be mindful of conduct that could draw DOJ attention, including measuring leader performance by progress towards DEI goals or tracking diversity goals in a manner that expresses preference for people of a particular race or sex. Companies should continue to monitor developments closely, particularly where compliance certifications intersect with employment or contracting practices.
Looking Ahead
FY 2025 enforcement activity suggests several practical takeaways for companies facing FCA exposure in 2026.
- First, whistleblower activity remains a major driver of enforcement. The record number of qui tam filings confirms that private parties will continue to play a central role in surfacing potential FCA claims, even as DOJ expands direct enforcement activity.
- Second, the DOJ continues to place value on self-disclosure, cooperation, and remediation. A number of 2025 resolutions reflected credit for proactive disclosure, cooperation in identifying relevant facts and damages, and compliance enhancements. Companies confronting potential issues should assess early whether internal investigation, remediation, and disclosure may mitigate risk.
- Third, the government is continuing to apply the FCA in both established and emerging contexts. Health care remains the dominant enforcement area, but cybersecurity, customs and trade, DEI, and other nontraditional theories are receiving increasing attention.
Practical Considerations
In light of these trends, companies should consider whether their compliance programs are adequately calibrated to current FCA risks. That may include:
- reviewing controls around billing, coding, and reimbursement practices;
- reassessing procurement and pricing certifications made in connection with government contracts;
- evaluating cybersecurity compliance against contractual requirements and recognized standards;
- reevaluating employment practices that could be perceived as expressing a preference for — or discriminating against — any race or gender;
- reviewing import compliance processes, including classification, valuation, and origin determinations;
- strengthening internal reporting and escalation channels; and
- ensuring prompt investigation and remediation of identified issues.
2025’s record-setting enforcement activity makes clear that the DOJ and the relators’ bar intend to continue using the FCA aggressively in 2026. Organizations that receive federal funds, participate in federal health care programs, or do business with the government should be prepared for continued scrutiny across a widening range of enforcement areas.
