Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace

Defendants’ Malware Attacks Caused Nearly One Billion USD in Losses to Three Victims Alone; Also Sought to Disrupt the 2017 French Elections and the 2018 Winter Olympic Games

On Oct. 15, 2020, a federal grand jury in Pittsburgh returned an indictment charging six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces. 

These GRU hackers and their co-conspirators engaged in computer intrusions and attacks intended to support Russian government efforts to undermine, retaliate against, or otherwise destabilize: (1) Ukraine; (2) Georgia; (3) elections in France; (4) efforts to hold Russia accountable for its use of a weapons-grade nerve agent, Novichok, on foreign soil; and (5) the 2018 PyeongChang Winter Olympic Games after Russian athletes were banned from participating under their nation’s flag, as a consequence of Russian government-sponsored doping effort. 

Their computer attacks used some of the world’s most destructive malware to date, including: KillDisk and Industroyer, which each caused blackouts in Ukraine; NotPetya, which caused nearly $1 billion in losses to the three victims identified in the indictment alone; and Olympic Destroyer, which disrupted thousands of computers used to support the 2018 PyeongChang Winter Olympics.  The indictment charges the defendants with conspiracy, computer hacking, wire fraud, aggravated identity theft, and false registration of a domain name.

According to the indictment, beginning in or around November 2015 and continuing until at least in or around October 2019, the defendants and their co-conspirators deployed destructive malware and took other disruptive actions, for the strategic benefit of Russia, through unauthorized access  to victim computers (hacking).  As alleged, the conspiracy was responsible for the following destructive, disruptive, or otherwise destabilizing computer intrusions and attacks:

  • Ukrainian Government & Critical Infrastructure: December 2015 through December 2016 destructive malware attacks against Ukraine’s electric power grid, Ministry of Finance, and State Treasury Service, using malware known as BlackEnergy, Industroyer, and KillDisk;
  • French Elections: April and May 2017 spearphishing campaigns and related hack-and-leak efforts targeting French President Macron’s “La République En Marche!” (En Marche!) political party, French politicians, and local French governments prior to the 2017 French elections;
  • Worldwide Businesses and Critical Infrastructure (NotPetya): June 27, 2017 destructive malware attacks that infected computers worldwide using malware known as NotPetya, including hospitals and other medical facilities in the Heritage Valley Health System (Heritage Valley) in the Western District of Pennsylvania; a FedEx Corporation subsidiary, TNT Express B.V.; and a large U.S. pharmaceutical manufacturer, which together suffered nearly $1 billion in losses from the attacks;
  • PyeongChang Winter Olympics Hosts, Participants, Partners, and Attendees: December 2017 through February 2018 spearphishing campaigns and malicious mobile applications targeting South Korean citizens and officials, Olympic athletes, partners, and visitors, and International Olympic Committee (IOC) officials;
  • PyeongChang Winter Olympics IT Systems (Olympic Destroyer): December 2017 through February 2018 intrusions into computers supporting the 2018 PyeongChang Winter Olympic Games, which culminated in the Feb. 9, 2018, destructive malware attack against the opening ceremony, using malware known as Olympic Destroyer;
  • Novichok Poisoning Investigations: April 2018 spearphishing campaigns targeting investigations by the Organisation for the Prohibition of Chemical Weapons (OPCW) and the United Kingdom’s Defence Science and Technology Laboratory (DSTL) into the nerve agent poisoning of Sergei Skripal, his daughter, and several U.K. citizens; and
  • Georgian Companies and Government Entities: a 2018 spearphishing campaign targeting a major media company, 2019 efforts to compromise the network of Parliament, and a wide-ranging website defacement campaign in 2019.

Cybersecurity researchers have tracked the Conspirators and their malicious activity using the labels “Sandworm Team,” “Telebots,” “Voodoo Bear,” and “Iron Viking.”

The charges were announced by Assistant Attorney General John C. Demers; FBI Deputy Director David Bowdich; U.S. Attorney for the Western District of Pennsylvania Scott W. Brady; and Special Agents in Charge of the FBI’s Atlanta, Oklahoma City, and Pittsburgh Field Offices, J.C. “Chris” Hacker, Melissa R. Godbold, and Michael A. Christman, respectively.

“No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John C. Demers.  “Today the department has charged these Russian officers with conducting the most disruptive and destructive series of computer attacks ever attributed to a single group, including by unleashing the NotPetya malware.  No nation will recapture greatness while behaving in this way.”

“The FBI has repeatedly warned that Russia is a highly capable cyber adversary, and the information revealed in this indictment illustrates how pervasive and destructive Russia’s cyber activities truly are,” said FBI Deputy Director David Bowdich.  “But this indictment also highlights the FBI’s capabilities.  We have the tools to investigate these malicious malware attacks, identify the perpetrators, and then impose risks and consequences on them.  As demonstrated today, we will relentlessly pursue those who threaten the United States and its citizens.”

“For more than two years we have worked tirelessly to expose these Russian GRU Officers who engaged in a global campaign of hacking, disruption and destabilization, representing the most destructive and costly cyber-attacks in history,” said U.S. Attorney Scott W. Brady for the Western District of Pennsylvania.  “The crimes committed by Russian government officials were against real victims who suffered real harm.  We have an obligation to hold accountable those who commit crimes – no matter where they reside and no matter for whom they work – in order to seek justice on behalf of these victims.” 

“The exceptional talent and dedication of our teams in Pittsburgh, Atlanta and Oklahoma City who spent years tracking these members of the GRU is unmatched,” said FBI Pittsburgh Special Agent in Charge Michael A. Christman.  “These criminals underestimated the power of shared intelligence, resources and expertise through law enforcement, private sector and international partnerships.”

The defendants, Yuriy Sergeyevich Andrienko (Юрий Сергеевич Андриенко), 32; Sergey Vladimirovich Detistov (Сергей Владимирович Детистов), 35; Pavel Valeryevich Frolov (Павел Валерьевич Фролов), 28; Anatoliy Sergeyevich Kovalev (Анатолий Сергеевич Ковалев), 29; Artem Valeryevich Ochichenko (Артем Валерьевич Очиченко), 27; and Petr Nikolayevich Pliskin (Петр Николаевич Плискин), 32, are all charged in seven counts: conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.  Each defendant is charged in every count.  The charges contained in the indictment are merely accusations, however, and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt.

The indictment accuses each defendant of committing the following overt acts in furtherance of the charged crimes:

Defendant

Summary of Overt Acts

Yuriy Sergeyevich Andrienko

·      Developed components of the NotPetya and Olympic Destroyer malware.

Sergey Vladimirovich Detistov

·      Developed components of the NotPetya malware; and

·      Prepared spearphishing campaigns targeting the 2018 PyeongChang Winter Olympic Games. 

Pavel Valeryevich Frolov

·       Developed components of the KillDisk and NotPetya malware.

Anatoliy Sergeyevich Kovalev

·       Developed spearphishing techniques and messages used to target:

–       En Marche! officials;

–       employees of the DSTL;

–       members of the IOC and Olympic athletes; and

–       employees of a Georgian media entity.

Artem Valeryevich Ochichenko

·       Participated in spearphishing campaigns targeting 2018 PyeongChang Winter Olympic Games partners; and

·       Conducted technical reconnaissance of the Parliament of Georgia official domain and attempted to gain unauthorized access to its network.

Petr Nikolayevich Pliskin

·       Developed components of the NotPetya and Olympic Destroyer malware. 

The defendants and their co-conspirators caused damage and disruption to computer networks worldwide, including in France, Georgia, the Netherlands, Republic of Korea, Ukraine, the United Kingdom, and the United States. 

The NotPetya malware, for example, spread worldwide, damaged computers used in critical infrastructure, and caused enormous financial losses.  Those losses were only part of the harm, however.  For example, the NotPetya malware impaired Heritage Valley’s provision of critical medical services to citizens of the Western District of Pennsylvania through its two hospitals, 60 offices, and 18 community satellite facilities.  The attack caused the unavailability of patient lists, patient history, physical examination files, and laboratory records.  Heritage Valley lost access to its mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for approximately one week and administrative computer systems for almost one month, thereby causing a threat to public health and safety.

The conspiracy to commit computer fraud and abuse carries a maximum sentence of five years in prison; conspiracy to commit wire fraud carries a maximum sentence of 20 years in prison; the two counts of wire fraud carry a maximum sentence of 20 years in prison; intentional damage to a protected computer carries a maximum sentence of 10 years in prison; and the two counts of aggravated identity theft carry a mandatory sentence of two years in prison.  The indictment also alleges false registration of domain names, which would increase the maximum sentence of imprisonment for wire fraud to 27 years in prison; the maximum sentence of imprisonment for intentional damage to a protected computer to 17 years in prison; and the mandatory sentence of imprisonment for aggravated identity theft to four years in prison.  These maximum potential sentences are prescribed by Congress, however, and are provided here for informational purposes only, as the assigned judge will determine any sentence of a defendant.

Defendant Kovalev was previously charged in federal indictment number CR 18-215, in the District of Columbia, with conspiring to gain unauthorized access into the computers of U.S. persons and entities involved in the administration of the 2016 U.S. elections.

Trial Attorney Heather Alpino and Deputy Chief Sean Newell of the National Security Division’s Counterintelligence and Export Control Section and Assistant U.S. Attorneys Charles Eberle and Jessica Smolar of the U.S. Attorney’s Office for the Western District of Pennsylvania are prosecuting this case.  The FBI’s Atlanta, Oklahoma City, and Pittsburgh field offices conducted the investigation, with the assistance of the FBI’s Cyber Division.

The Criminal Division’s Office of International Affairs provided critical assistance in this case.  The department also appreciates the significant cooperation and assistance provided by Ukrainian authorities, the Governments of the Republic of Korea and New Zealand, Georgian authorities, and the United Kingdom’s intelligence services, as well as many of the FBI’s Legal Attachés and other foreign authorities around the world.  Numerous victims cooperated and provided valuable assistance in the investigation.

The department is also grateful to Google, including its Threat Analysis Group (TAG); Cisco, including its Talos Intelligence Group; Facebook; and Twitter, for the assistance they provided in this investigation.  Some private sector companies independently disabled numerous accounts for violations of the companies’ terms of service.

Hits: 1

News Network

  • France Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Former Venezuelan National Treasurer and Her Spouse Charged in Connection with International Bribery and Money Laundering Scheme
    In Crime News
    A former Venezuelan National Treasurer and her spouse were charged in a superseding indictment filed Tuesday for their alleged participation in a previously indicted billion-dollar currency exchange and money laundering scheme. An alleged co-conspirator was previously charged in the original indictment.
    [Read More…]
  • Nepal Travel Advisory
    In Travel
    Reconsider travel [Read More…]
  • U.S. Businesses Must Take a Stand Against China’s Human Rights Abuses
    In Human Health, Resources and Services
    Keith Krach, Under [Read More…]
  • Assistant Attorney General Makan Delrahim Delivers Remarks at Georgetown Law’s Global Antitrust Enforcement Symposium
    In Crime News
    “Reflections”: Looking [Read More…]
  • Turkish Businessman Arrested in Austria on Charges that He Allegedly Laundered Over $133 Million in Fraud Proceeds
    In Crime News
    A Turkish businessman was arrested in Austria on June 19, at the request of the U.S. Department of Justice. This arrest followed a superseding indictment returned by a federal grand jury in Salt Lake City, Utah, on April 28, which was unsealed today. The superseding indictment charged Sezgin Baran Korkmaz with one count of conspiring to commit money laundering, 10 counts of wire fraud, and one count of obstruction of an official proceeding.
    [Read More…]
  • Russian Cybercriminal Sentenced to Prison for Role in $100 Million Botnet Conspiracy
    In Crime News
    A Russian national was sentenced Oct. 30 to eight years in prison for his role in operating a sophisticated scheme to steal and traffic sensitive personal and financial information in the online criminal underground that resulted in an estimated loss of over $100 million.
    [Read More…]
  • United States Places Global Magnitsky Sanctions on the Cuban Ministry of Interior and Its Minister
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Owner of Oil Chem Inc. Pleads Guilty to Violating the Clean Water Act
    In Crime News
    The president and owner of Oil Chem Inc. pleaded guilty in federal court in Flint, Michigan, to a criminal charge of violating the Clean Water Act stemming from illegal discharges of landfill leachate — totaling more than 47 million gallons — into the city of Flint sanitary sewer system over an eight and a half year period.
    [Read More…]
  • Justice Department Reaches Agreement with Two Community Colleges to Improve Access for Students with Disabilities
    In Crime News
    The Justice Department announced today the signing of two agreements with community colleges to remove barriers experienced by students with disabilities, including veterans.
    [Read More…]
  • Electricity Grid Resilience: Climate Change Is Expected to Have Far-reaching Effects and DOE and FERC Should Take Actions
    In U.S GAO News
    What GAO Found Climate change is expected to have far-reaching effects on the electricity grid that could cost billions and could affect every aspect of the grid from generation, transmission, and distribution to demand for electricity, according to several reports GAO reviewed. The type and extent of these effects on the grid will vary by geographic location and other factors. For example, reports GAO reviewed stated that more frequent droughts and changing rainfall patterns may adversely affect hydroelectricity generation in Alaska and the Northwest and Southwest regions of the United States. Further, transmission capacity may be reduced or distribution lines damaged during increasing wildfire activity in some regions due to warmer temperatures and drier conditions. Moreover, climate change effects on the grid could cost utilities and customers billions, including the costs of power outages and infrastructure damage. Examples of Climate Change Effects on the Electricity Grid Since 2014, the Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC) have taken actions to enhance the resilience of the grid. For example, in 2015, DOE established a partnership with 18 utilities to plan for climate change. In 2018, FERC collected information from grid operators on grid resilience and their risks to hazards such as extreme weather. Nevertheless, opportunities exist for DOE and FERC to take additional actions to enhance grid resilience to climate change. For example, DOE identified climate change as a risk to energy infrastructure, including the grid, but it does not have an overall strategy to guide its efforts. GAO's Disaster Resilience Framework states that federal efforts can focus on risk reduction by creating resilience goals and linking those goals to an overarching strategy. Developing and implementing a department-wide strategy that defines goals and measures progress could help prioritize DOE's climate resilience efforts to ensure that resources are targeted effectively. Regarding FERC, it has not taken steps to identify or assess climate change risks to the grid and, therefore, is not well positioned to determine the actions needed to enhance resilience. Risk management involves identifying and assessing risks to understand the likelihood of impacts and their associated consequences. By doing so, FERC could then plan and implement appropriate actions to respond to the risks and achieve its objective of promoting resilience. Why GAO Did This Study According to the U.S. Global Change Research Program, changes in the earth's climate are under way and expected to increase, posing risks to the electricity grid that may affect the nation's economic and national security. Annual costs of weather-related power outages total billions of dollars and may increase with climate change, although resilience investments could help address potential effects, according to the research program. Private companies own most of the electricity grid, but the federal government plays a significant role in promoting grid resilience—the ability to adapt to changing conditions; withstand potentially disruptive events; and, if disrupted, to rapidly recover. DOE, the lead agency for grid resilience efforts, conducts research and provides information and technical assistance to industry. FERC reviews mandatory grid reliability standards. This testimony summarizes GAO's report on grid resilience to climate change. Specifically, the testimony discusses (1) potential climate change effects on the electricity grid; and (2) actions DOE and FERC have taken since 2014 to enhance electricity grid resilience to climate change effects, and additional actions these agencies could take. GAO reviewed reports and interviewed agency officials and 55 relevant stakeholders.
    [Read More…]
  • Justice Department Applauds Passage of the Criminal Antitrust Anti-Retaliation Act
    In Crime News
    On Dec. 23, 2020, President Donald J. Trump signed into law the Criminal Antitrust Anti-Retaliation Act (the “Act”), which prohibits employers from retaliating against certain individuals who report criminal antitrust violations. The Act was sponsored by Senator Chuck Grassley, passed the Senate on Oct. 17, 2019, and passed the House of Representatives on Dec. 8, 2020.
    [Read More…]
  • On the First Anniversary of the Death of Abu Bakr al-Baghdadi 
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • United Airlines to Pay $49 Million to Resolve Criminal Fraud Charges and Civil Claims
    In Crime News
    United Airlines Inc. (United), the world’s third largest airline, has agreed to pay over $49 million to resolve criminal charges and civil claims relating to fraud on postal service contracts for transportation of international mail.
    [Read More…]
  • Remarks by Attorney General William P. Barr at a Press Conference Announcing the Results of Operation Crystal Shield
    In Crime News
    Remarks as Delivered [Read More…]
  • Sri Lanka Travel Advisory
    In Travel
    Reconsider travel to Sri [Read More…]
  • Former West Virginia Law Enforcement Officer Charged with Federal Civil Rights Offense
    In Crime News
    A federal grand jury in West Virginia returned an indictment Tuesday charging a former West Virginia police officer with a civil rights offense against an arrestee.
    [Read More…]
  • Justice Department Files Housing Discrimination Lawsuit Against Staten Island, New York Rental Agent and Real Estate Agency
    In Crime News
    The Department of Justice announced today that it has filed a lawsuit against Village Realty of Staten Island Ltd. and Denis Donovan, a sales and former rental agent at Village Realty, alleging discrimination against African Americans in violation of the Fair Housing Act when offering housing units for rent. The lawsuit is based on the results of testing conducted by the department’s Fair Housing Testing Program, in which individuals pose as renters to gather information about possible discriminatory practices. 
    [Read More…]
  • Kevin M. Epstein Appointed as U.S. Trustee for the Southern and Western Districts of Texas
    In Crime News
    Attorney General William P. Barr has appointed Kevin M. Epstein as the U.S. Trustee for the Southern and Western Districts of Texas (Region 7) effective Jan. 1, 2021, the Executive Office for U.S. Trustees (EOUST) announced today.
    [Read More…]
  • North Carolina Return Preparer Pleads Guilty to Tax Fraud Scheme
    In Crime News
    A North Carolina return preparer pleaded guilty today to conspiring to defraud the United States.
    [Read More…]
  • Secretary Michael R. Pompeo At the Mining, Agriculture, and Construction Protocol Signing Ceremony
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Terrorist Designation of ISIS Leader Amir Muhammad Sa’id Abdal-Rahman al-Mawla
    In Crime News
    Office of the [Read More…]
  • An Information-Centric Perspective on Coherence Collaboration: Analyses of Uganda and Ecuador (Penn State)
    In Human Health, Resources and Services
    Bureau of Population, [Read More…]
  • High-Risk Series: Dedicated Leadership Needed to Address Limited Progress in Most High-Risk Areas
    In U.S GAO News
    Overall ratings in 2021 for 20 of GAO's 2019 high-risk areas remain unchanged, and five regressed. Seven areas improved, one to the point of removal from the High-Risk List. Two new areas are being added, bringing our 2021 High-Risk List to 36 areas. Where there has been improvement in high-risk areas, congressional actions, in addition to those by executive agencies, have been critical in spurring progress. GAO is removing Department of Defense (DOD) Support Infrastructure Management from the High-Risk List. Among other things, DOD has more efficiently utilized military installation space; reduced its infrastructure footprint and use of leases, reportedly saving millions of dollars; and improved its use of installation agreements, reducing base support costs GAO is narrowing the scope of three high-risk areas by removing segments of the areas due to progress that has been made. The affected areas are: (1) Federal Real Property (Costly Leasing) because the General Services Administration has reduced its reliance on costly leases and improved monitoring efforts; (2) DOD Contract Management (Acquisition Workforce) because DOD has significantly rebuilt its acquisition workforce; and (3) Management of Federal Oil and Gas Resources (Offshore Oil and Gas Oversight) because the Department of the Interior's Bureau of Safety and Environmental Enforcement has implemented reforms improving offshore oil and gas oversight. National Efforts to Prevent, Respond to, and Recover from Drug Misuse is being added to the High-Risk List. National rates of drug misuse have been increasing, and drug misuse has resulted in significant loss of life and harmful effects to society and the economy. GAO identified several challenges in the federal government's response, such as a need for greater leadership and coordination of the national effort, strategic guidance that fulfills all statutory requirements, and more effective implementation and monitoring. Emergency Loans for Small Businesses also is being added. The Small Business Administration has provided hundreds of billions of dollars' worth of loans and advances to help small businesses recover from adverse economic impacts created by COVID-19. While loans have greatly aided many small businesses, evidence of fraud and significant program integrity risks need much greater oversight and management attention. Nine existing high-risk areas also need more focused attention (see table). 2021 High-Risk List Areas Requiring Significant Attention High-risk areas that regressed since 2019 High-risk areas that need additional attention USPS Financial Viability IT Acquisitions and Operations Decennial Census Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risks Ensuring the Cybersecurity of the Nation U.S. Government's Environmental Liability Strategic Human Capital Management Improving Federal Oversight of Food Safety EPA's Process for Assessing and Controlling Toxic Chemicals   Source: GAO. | GAO-21-119SP   GAO's 2021 High-Risk List High-risk area Change since 2019 Strengthening the Foundation for Efficiency and Effectiveness Strategic Human Capital Management ↓ Managing Federal Real Propertya ↑ Funding the Nation's Surface Transportation Systemb c n/a Modernizing the U.S. Financial Regulatory Systemb ● Resolving the Federal Role in Housing Financeb ● USPS Financial Viabilityb ↓ Management of Federal Oil and Gas Resourcesa ● Limiting the Federal Government's Fiscal Exposure by Better Managing Climate Change Risksb ● Improving the Management of IT Acquisitions and Operations ● Improving Federal Management of Programs That Serve Tribes and Their Members ● Decennial Census ↓ U.S. Government's Environmental Liabilityb ● Emergency Loans for Small Businesses (new)c n/a Transforming DOD Program Management DOD Weapon Systems Acquisition ● DOD Financial Management ↑ DOD Business Systems Modernization ● DOD Approach to Business Transformation ● Ensuring Public Safety and Security Government-wide Personnel Security Clearance Processb ↑ Ensuring the Cybersecurity of the Nationb ↓ Strengthening Department of Homeland Security Management Functions ● Ensuring the Effective Protection of Technologies Critical to U.S. National Security Interests ● Improving Federal Oversight of Food Safetyb ● Protecting Public Health through Enhanced Oversight of Medical Products ● Transforming EPA's Process for Assessing and Controlling Toxic Chemicals ↓ National Efforts to Prevent, Respond to, and Recover from Drug Misuse (new)c n/a Managing Federal Contracting More Effectively VA Acquisition Managementd n/a DOE's Contract and Project Management for the National Nuclear Security Administration and Office of Environmental Management ↑ NASA Acquisition Management ↑ DOD Contract Managementa ● Assessing the Efficiency and Effectiveness of Tax Law Administration Enforcement of Tax Lawsb ● Modernizing and Safeguarding Insurance and Benefit Programs Medicare Program & Improper Paymentse ● Strengthening Medicaid Program Integrityb ● Improving and Modernizing Federal Disability Programs ● Pension Benefit Guaranty Corporation Insurance Programsb c n/a National Flood Insurance Programb ● Managing Risks and Improving VA Health Careb ↑ (↑ indicates area progressed on one or more criteria since 2019; ↓ indicates area declined on one or more criteria ; ● indicates no change; n/a = not applicable) Source: GAO. | GAO-21-119SP aRatings for a segment within this high-risk area improved sufficiently that the segment was removed. bLegislation is likely to be necessary in order to effectively address this high-risk area. cNot rated, because this high-risk area is newly added or primarily involves congressional action. dRated for the first time, because this high-risk area was newly added in 2019. eOnly rated on one segment; we did not rate other elements of the Medicare program. The federal government is one of the world's largest and most complex entities; about $6.6 trillion in outlays in fiscal year 2020 funded a broad array of programs and operations. GAO's High-Risk Series identifies government operations with vulnerabilities to fraud, waste, abuse, and mismanagement, or in need of transformation to address economy, efficiency, or effectiveness challenges. This biennial update describes the status of high-risk areas, outlines actions that are still needed to assure further progress, and identifies any new high-risk areas needing attention by the executive branch and Congress. Solutions to high-risk problems save billions of dollars, improve service to the public, and strengthen government performance and accountability. GAO uses five criteria to assess progress in addressing high-risk areas: (1) leadership commitment, (2) agency capacity, (3) an action plan, (4) monitoring efforts, and (5) demonstrated progress. This report describes GAO's views on progress made and what remains to be done to bring about lasting solutions for each high-risk area. Addressing GAO's hundreds of open recommendations across the high-risk areas and continued congressional oversight and action are essential to achieving greater progress. For more information, contact Michelle Sager at (202) 512-6806 or sagerm@gao.gov.
    [Read More…]
  • Leader of Armed Home Invasion Robbery Crew Sentenced for RICO Conspiracy and Other Violent Crimes
    In Crime News
    A Texas man was sentenced to 40 years in prison for his leadership role in an armed home invasion robbery crew that traveled the United States targeting families of South Asian and East Asian descent.
    [Read More…]
  • Belarus Travel Advisory
    In Travel
    Reconsider Travel due to [Read More…]
  • The United States Welcomes the Breakthrough To Restore Gulf and Arab Unity
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Secretary Pompeo’s Video Remarks at the Prague 5G Security Conference 2020
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Federal Jury Convicts Illinois Man for Bombing the Dar al-Farooq Islamic Center
    In Crime News
    Yesterday, a federal jury returned a guilty verdict against Micheal Hari, 49, for his role in the bombing of the Dar al-Farooq Islamic Center in Bloomington, Minnesota, on Aug. 5, 2017. The announcement was made by U.S. Attorney for the District of Minnesota Erica H. MacDonald, Assistant Attorney General Eric S. Dreiband of the Department of Justice’s Civil Rights Division, and Special Agent in Charge of the FBI's Minneapolis Division Michael Paul.
    [Read More…]
  • Malawi Travel Advisory
    In Travel
    Do not travel [Read More…]
  • Secretary Blinken’s Call with Colombian Foreign Minister Blum
    In Crime Control and Security News
    Office of the [Read More…]
  • The Justice Department’s Hate Crimes Enforcement and Prevention Initiative Announces Newly Translated Online Hate Crimes Resources
    In Crime News
    Today, marking the 40th Anniversary of National Crime Victims’ Rights Week (NCVRW), the Justice Department’s Hate Crimes Enforcement and Prevention Initiative announced newly translated hate crimes resources in eight languages for the department’s hate crimes website, www.justice.gov/hatecrimes.
    [Read More…]
  • Justice Department Settles Lawsuit Against Owners and Mangers of Housing Properties in Honolulu, Hawaii for Discriminating Against Families with Children
    In Crime News
    The Justice Department announced today that it has reached a settlement with the owners and managers of housing in Honolulu, Hawaii, to resolve a lawsuit filed last year alleging that the defendants refused to rent to families with children at properties they owned and managed, in violation of the Fair Housing Act.
    [Read More…]
  • Secretary Antony J. Blinken With Andrea Mitchell of MSNBC Andrea Mitchell Reports
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Request for Statements of Interest: DRL FY20 Iraq Programs
    In Human Health, Resources and Services
    Bureau of Democracy, [Read More…]
  • Owner of Tax Preparation Business Sentenced to Prison for Filing False Returns
    In Crime News
    A former Gulfport, Mississippi, tax return preparer was sentenced to 46 months in prison today for aiding and assisting in the preparation of false returns, announced Principal Deputy Assistant Attorney General Richard E. Zuckerman of the Justice Department’s Tax Division and U.S. Attorney Mike Hurst for the Southern District of Mississippi.
    [Read More…]
  • Michigan Man Indicted for Hate Crimes After Attacking African-American Teenagers
    In Crime News
    The Justice Department announced today that Lee Mouat, 42, has been indicted for federal hate crimes. Mouat is charged with two counts of violating 18 U.S.C. § 249 by willfully causing bodily injury to a Black teenager and attempting to cause bodily injury to another Black teenager, through the use of a dangerous weapon, because of the teenagers’ race. Mouat was previously charged with the former count by criminal complaint in federal district court on Oct. 13, 2020.
    [Read More…]
  • Defense Science and Technology: Opportunities to Better Integrate Industry Independent Research and Development into DOD Planning
    In U.S GAO News
    Why This Matters Research and development (R&D) projects in high-tech areas like cybersecurity and biotechnology can help the U.S. military reassert its technological edge. Contractors decide what independent R&D projects to conduct and the Department of Defense (DOD) reimburses them about $4 billion-$5 billion annually. More information about those projects could help DOD guide its own R&D investments. Key Takeaways DOD does not know how contractors’ independent R&D projects fit into the department’s technology goals. As a result, DOD risks making decisions about its multi-billion dollar science and tech investments that could duplicate work or miss opportunities to fill in gaps that the contributions of private industry do not cover. DOD has a database of independent R&D projects, but it is not very useful for informing investment decisions because DOD does not obtain information in these and other areas: Priority. Contractors do not identify whether a project aligns with any of 10 modernization priorities. The department uses those priorities to make decisions about R&D investments. Cost. The database does not capture a project’s complete cost, which could help DOD understand cost implications of future related work. Innovation. The database does not include whether a project is a lower-risk, incremental development or a more innovative “disruptive” technology. Disruptive projects carry higher risk of failure but offer possible significant rewards in the long term. While DOD is not required to review independent R&D projects to understand how they support DOD’s priorities, GAO analysis showed 38 percent of industry projects aligned with DOD’s priorities. To help DOD better understand the scope and nature of independent projects, we recommend DOD determine whether to require additional information in the project database and review projects annually as part of its strategic planning process. DOD agreed with both recommendations. How GAO Did This Study We categorized a sample of completed projects from 2014–2018 by innovation type and analyzed projects completed in 2018 for alignment with DOD's modernization priorities. We also reviewed DOD policies on independent R&D and interviewed representatives from 10 defense contractors. For more information, contact Timothy J. DiNapoli at (202) 512-4841 or dinapolit@gao.gov.
    [Read More…]
  • Brooklyn Man Pleads Guilty in Manhattan Federal Court to Attempting to Provide Material Support to ISIS
    In Crime News
    The Department of Justice announced that Zachary Clark, a/k/a “Umar Kabir,” a/k/a “Umar Shishani,” a/k/a “Abu Talha,” pleaded guilty to attempting to provide material support to the Islamic State of Iraq and al-Sham (ISIS). Clark pled guilty today in Manhattan federal court before U.S. District Judge Naomi Reice Buchwald. Judge Buchwald is scheduled to sentence Clark on Feb. 9, 2021, at 12:00 p.m.
    [Read More…]
  • The Gambia Travel Advisory
    In Travel
    Reconsider travel to The [Read More…]
  • Department Press Briefing – March 1, 2021
    In Crime Control and Security News
    Ned Price, Department [Read More…]
  • 10th Anniversary of the Revolution in Tunisia
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Aviation Consumer Protection: Increased Transparency Could Help Build Confidence in DOT’s Enforcement Approach
    In U.S GAO News
    The Department of Transportation's (DOT) enforcement approach generally uses a range of methods to encourage compliance with consumer protection regulations, including conducting outreach and information-sharing, issuing guidance, and sending non-punitive warning letters for those violations that do not rise to the level that warrants a consent order. DOT usually enters into consent orders when it has evidence of systematic or egregious violations. Such orders are negotiated between DOT and violators (e.g., airlines) and typically include civil penalties. DOT officials see benefits from using consent orders, which can include credits for actions taken to benefit consumers or to improve the travel environment. Annual consent orders increased from 20 in 2008 to 62 in 2012, but then generally declined to a low of eight in 2019. GAO's analysis showed that the decline in consent orders was most marked among those issued against non-air carrier entities (e.g., travel agents), those addressing certain types of violations such as advertising, and orders containing smaller civil penalty amounts. DOT officials said that the agency did not change its enforcement practices during this time. Examples of DOT's Compliance Promotion and Enforcement Efforts Airlines and consumer advocates GAO interviewed said that DOT's enforcement process lacked transparency, including into how investigations were conducted and resolved and about when and why DOT takes enforcement actions. Moreover, DOT publishes limited information related to the results of its enforcement activities, notably information about the number and type of consumer complaints it receives as well as issued consent orders. DOT does not publish other information such as aggregated data about the number or nature of open and closed investigations or issued warning letters. DOT is taking some actions to increase transparency, such as developing a publicly available handbook, but none of those actions appears to fully address the identified information gaps such as information about the results of investigations. Some other federal agencies provide more information about enforcement activities, including publishing warning letters or data about such letters. Publishing additional information about how DOT conducts investigations and enforcement, and about the results of enforcement activities, could improve stakeholders' understanding of DOT's process and help build confidence in its approach. Consumer advocates, airlines, and other stakeholders have raised concerns about how DOT enforces aviation consumer protection requirements. DOT has the authority to enforce requirements protecting consumers against unfair and deceptive practices, discrimination on the basis of disability or other characteristics, and other harms. The FAA Reauthorization Act of 2018 contained a provision for GAO to review DOT's enforcement of consumer protection requirements. This report examines: (1) DOT's approach to the enforcement of aviation consumer protections and the results of its efforts, and (2) selected stakeholder views on this approach and steps DOT has taken to address identified concerns. GAO reviewed DOT data on consent orders and consumer complaints; reviewed other DOT documentation related to its enforcement program; interviewed DOT officials and selected industry and consumer stakeholders, including advocacy organizations, which we identified from prior work and a literature review; and identified leading practices for regulatory enforcement. GAO is making two recommendations, including: that DOT publish information describing the process it uses to enforce consumer protections, and that DOT take additional steps to provide transparency into the results of its efforts. DOT concurred with these recommendations. For more information, contact Andrew Von Ah at (202) 512-2834 or vonaha@gao.gov.
    [Read More…]
  • Deputy Assistant Attorney General Okuliar Delivers Remarks to the Telecommunications Industry Association
    In Crime News
    Good afternoon. It’s a pleasure to join you today, thank you for the invitation. I’d like to begin with some prepared remarks addressing the importance of predictability and transparency to antitrust enforcement, particularly as it relates to standards-essential patents, give an overview of the Division’s recent activity in this space, and then turn to some questions.
    [Read More…]
  • Joint Statement on the United States – Iceland Strategic Dialogue
    In Crime Control and Security News
    Office of the [Read More…]
  • Quantadyn Corporation And Owner Settle False Claims Act Allegations of Bribery To Obtain Government Contracts For Simulators
    In Crime News
    The Department of Justice announced today that QuantaDyn Corporation (QuantaDyn), headquartered in Ashburn, Virginia, has agreed to resolve civil claims arising from allegations that it engaged in a bribery scheme to steer government contracts for training simulators to the company, as part of a broader settlement that includes a guilty plea by the company.  As part of the plea agreement, QuantaDyn has agreed to pay $37,757,713.91 in restitution, which also will resolve the company’s civil False Claims Act liability for the scheme.  William T. Dunn Jr., the majority owner, President, and Chief Executive Officer of QuantaDyn, has separately paid $500,000 to resolve his personal False Claims Act liability. 
    [Read More…]
  • DAG Monaco Delivers Remarks at Press Conference on Darkside Attack on Colonial Pipeline
    In Crime News
    Today, the Department of Justice is announcing a significant development in the ransomware attack on the Colonial Pipeline.
    [Read More…]
  • Massachusetts Woman Pleads Guilty to Tax and Drug Charges Arising from Multimillion-Dollar Marijuana Enterprise
    In Crime News
    A Massachusetts woman pleaded guilty today to tax evasion, conspiracy to distribute marijuana, possession of marijuana with intent to distribute, and money laundering.
    [Read More…]
  • Private Health Insurance: Markets Remained Concentrated through 2018, with Increases in the Individual and Small Group Markets
    In U.S GAO News
    Enrollment in private health insurance plans in the individual (coverage sold directly to individuals), small group (coverage offered by small employers), and large group (coverage offered by large employers) markets has historically been highly concentrated among a small number of issuers. GAO found that this pattern continued in 2017 and 2018. For example: For each market in 2018, at least 43 states (including the District of Columbia) were highly concentrated. Overall individual and small group markets have become more concentrated in recent years. The national median market share of the top three issuers increased by approximately 8 and 5 percentage points, respectively, from 2015 through 2018. With these increases, the median concentration was at least 94 percent in both markets in 2018. Number of States and District of Columbia Where the Three Largest Issuers Had at Least 80 Percent of Enrollment, by Market, 2011-2018 GAO found similar patterns of high concentration across the 39 states in 2018 that used federal infrastructure to operate individual market exchanges— marketplaces where consumers can compare and select among insurance plans sold by participating issuers—established in 2014 by the Patient Protection and Affordable Care Act (PPACA) and known as federally facilitated exchanges. From 2015 through 2018, states that were already highly concentrated became even more concentrated, often because the number of issuers decreased or the existing issuers accrued the entirety of the market share within a state. In 2017 and 2018 all 39 states were highly concentrated. GAO received technical comments on a draft of this report from the Department of Health and Human Services and incorporated them as appropriate. GAO previously reported that, from 2011 through 2016, enrollment in the individual, small group, and large group health insurance markets was concentrated among a few issuers in most states (GAO-19-306). GAO considered states' markets or exchanges to be highly concentrated if three or fewer issuers held at least 80 percent of the market share. GAO also found similar concentration on the health insurance exchanges established in 2014 by PPACA. A highly concentrated health insurance market may indicate less issuer competition and could affect consumers' choice of issuers and the premiums they pay for coverage. PPACA included a provision for GAO to periodically study market concentration. This report describes changes in the concentration of enrollment among issuers in the overall individual, small group, and large group markets; and individual market federally facilitated exchanges. GAO determined market share in the overall markets using enrollment data from 2017 and 2018 that issuers are required to report annually to the Centers for Medicare & Medicaid Services (CMS). GAO determined market share in the individual market federally facilitated exchanges in 2018 using enrollment data from CMS. For all analyses, GAO used the latest data available. For more information, contact John Dicken at (202) 512-7114 or dickenj@gao.gov.
    [Read More…]
  • Remarks by Deputy Attorney General Jeffrey A. Rosen on the Settlement of Clean Air Act Claims against Daimler AG and Mercedes-Benz USA LLC
    In Crime News
    Remarks as Prepared for [Read More…]
  • Facial Recognition Technology: Privacy and Accuracy Issues Related to Commercial Uses
    In U.S GAO News
    Market research and other data suggest that the market for facial recognition technology has increased in the number and types of businesses that use it since GAO's 2015 report on the topic (GAO-15-621 ). For example, newer functions of the technology identified by stakeholders and literature included authorizing payments and tracking and monitoring attendance of students, employees, or those attending events. Functions of Facial Recognition Technology Accuracy. Although the accuracy of facial recognition technology has increased dramatically in recent years, differences in performance exist for certain demographic groups. National Institute of Standards and Technology tests found that facial recognition technology generally performs better on lighter-skin men and worse on darker-skin women, and does not perform as well on children and elderly adults. These differences could result in more frequent misidentification for certain demographics, such as misidentifying a shopper as a shoplifter when comparing the individual's image against a data set of known shoplifters. There is no consensus on what causes performance differences, including physical factors (such as lighting) or factors related to the creation or operation of the technology. However, stakeholders and literature identified various methods that could help mitigate differences in performance among demographic groups. Privacy. Stakeholders and literature identified concerns related to privacy, such as the inability of individuals to remain anonymous in public or the use of the technology without individuals' consent. Facial recognition technology may collect or store facial images, posing varying levels of risk. Some federal and state laws and the European Union's General Data Protection Regulation impose requirements on U.S. companies related to facial recognition technology. However, as we reported in 2015, there is no comprehensive federal privacy law governing the collection, use, and sale of personal information by private-sector companies. Some stakeholders, including privacy and industry groups, have developed voluntary frameworks that seek to address privacy concerns. Most of these frameworks were consistent with internationally recognized principles for protecting the privacy and security of personal information. However, U.S. companies are not required to follow these voluntary frameworks. Facial recognition technology can verify or identify an individual from a facial image. Advocacy groups and others have raised privacy concerns related to private companies' use of the technology, as well as concerns that higher error rates among some demographic groups could lead to disparate treatment. GAO was asked to review the commercial use of facial recognition technology and related accuracy and privacy issues. Among other issues, this report examines how companies use the technology, its accuracy and how accuracy differs across demographic groups, and how privacy issues are addressed in laws and industry practices. GAO analyzed laws; reviewed literature and company documentation; interviewed federal agency officials; and interviewed representatives from companies, industry groups, and privacy groups. GAO also reviewed selected privacy frameworks, chosen based on expert recommendations and research. GAO reiterates its previous suggestion from a 2013 report ( GAO-13-663 ) that Congress consider strengthening the consumer privacy framework to reflect changes in technology and the marketplace. For more information, contact Alicia Puente Cackley at (202) 512-8678 or cackleya@gao.gov.
    [Read More…]
  • Designation of Jhon Fredy Zapata Garzon Under the Foreign Narcotics Kingpin Designation Act
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Anguilla Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Reagan National Airport: Information on Effects of Federal Statute Limiting Long-Distance Flights
    In U.S GAO News
    Airlines serving Ronald Reagan Washington National Airport (Reagan National) are subject to, among other federal operational requirements, (1) a “perimeter rule,” limiting nonstop flights to a distance of 1,250 miles unless there is an exemption, and (2) a “slot” or operating authorization requirement for each takeoff and landing. GAO found that while the 40 daily beyond-perimeter flights to or from Reagan National accounted for about 6 percent of flights and 10 percent of passengers at the airport in 2019, the additional flights may have had some limited effects, including further reducing the airport's landside capacity (e.g., ticketing and gates). GAO's analysis of the Department of Transportation's (DOT) data from 2010 through 2019 showed that airlines used larger aircraft on beyond-perimeter flights carrying, on average, about 75 more passengers than within-perimeter flights. While these larger aircraft may use more capacity, they did not contribute to a substantial increase in flight delays at Reagan National. The beyond-perimeter flights may have also had other effects, such as drawing a few flights and passengers from Washington Dulles International Airport (Dulles). 2020 Beyond-Perimeter Flight Exemptions at Ronald Reagan Washington National Airport Several factors—existing slot control rules; capacity at Reagan National; and potential effects on noise, other area airports, passengers, and airline competition—should be considered in any decision to modify Reagan National's perimeter rule, according to GAO's prior work and stakeholder interviews. GAO examined these factors under three scenarios: (1) no changes to the current perimeter rule or beyond-perimeter flights, (2) adding a small number of beyond-perimeter flights, and (3) completely lifting the perimeter rule. Many stakeholders who provided a perspective did not support changes to the perimeter rule, citing concerns about increased congestion at Reagan National or drawing passengers from other airports, primarily Dulles. Some stakeholders supported adding a small number of beyond-perimeter flights, citing increased competition if airlines added service to existing routes. No stakeholders supported lifting the perimeter rule, saying it would disadvantage airlines with a small number of flights at Reagan National. Regardless of their position on the rule, many stakeholders said airlines would add beyond-perimeter flights if allowed. Reagan National's perimeter and slot control rules were designed in part, respectively, to help increase use of Dulles and manage congestion at Reagan National by limiting the number of flights. On three occasions—2000, 2003, and 2012—federal statutes have provided exemptions to the perimeter rule, collectively allowing 40 daily beyond-perimeter flights (20 round trips) at Reagan National. Of these exemptions, 32 were new beyond-perimeter flights and eight allowed airlines to convert existing slots to beyond-perimeter flights. The Metropolitan Washington Airports Authority (MWAA) operates Reagan National and Dulles, and DOT and the Federal Aviation Administration (FAA) oversee these rules. GAO was asked to update its past work on the perimeter rule. This report describes (1) the effects of beyond-perimeter flights at Reagan National, and (2) key considerations if additional beyond-perimeter flights are allowed. GAO analyzed DOT data for the most recent 10-year period (2010 through 2019) on passengers and flights at Reagan National and Dulles, and MWAA data on airport capacity at Reagan National in 2019. GAO also reviewed relevant statutes and regulations, and interviewed DOT and FAA officials, and a non-generalizable sample of 32 stakeholders: 9 airlines, 4 airport authorities, 7 academics, 5 associations, 5 community groups, and 2 consumer advocates. Selected airlines included those that operate out of Reagan National or Dulles; other stakeholders were recommended or selected, in part, from prior GAO work and their expertise on the topic. For more information, contact Heather Krause at (202) 512-2834 or krauseh@gao.gov.
    [Read More…]
  • Andorra Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • Sea Turtle Conservation and Shrimp Imports Into the United States
    In Crime Control and Security News
    Office of the [Read More…]
  • Assault on Democracy in Hong Kong
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Medicaid Information Technology: Effective CMS Oversight and States’ Sharing of Claims Processing and Information Retrieval Systems Can Reduce Costs
    In U.S GAO News
    The Centers for Medicare and Medicaid Services (CMS) has reimbursed billions of dollars to states for the development, operation, and maintenance of claims processing and information retrieval systems—the Medicaid Management Information Systems (MMIS) and Eligibility and Enrollment (E&E) systems. Specifically, from fiscal year 2008 through fiscal year 2018, states spent a total of $44.1 billion on their MMIS and E&E systems. CMS reimbursed the states $34.3 billion of that total amount (see figure). Money Spent by States and Reimbursed by CMS from 2008–2018 for Medicaid Management Information Systems (MMIS) and Eligibility and Enrollment (E&E) Systems For fiscal years 2016 through 2018, CMS approved 93 percent and disapproved 0.4 percent of MMIS funding requests, while for E&E it approved 81 percent and disapproved 1 percent of the requests. The remaining 6.6 percent of MMIS requests and 18 percent of E&E requests were either withdrawn by states or were pending. GAO estimates that CMS had some level of supporting evidence of its review for about 74 percent of MMIS requests and about 99 percent of E&E requests. However, GAO estimates that about 100 percent of E&E requests and 68 percent of MMIS requests lacked pertinent information that would be essential for indicating that a complete review had been performed. Among CMS requirements for system implementation funding is that states submit an alternatives analysis, feasibility study, and cost benefit analysis. However, GAO found that about 45 percent of such requests it sampled for fiscal years 2016 through 2018 did not include these required documents. The above weaknesses were due, in part, to a lack of formal, documented procedures for reviewing state funding requests. CMS also lacked a risk-based process for overseeing systems after federal funds were provided. CMS provided helpful comments and recommendations to states in selected cases, but in other instances it did not. In two states that had contractors struggling to deliver successful projects, state officials said they had not received recommendations or technical assistance from CMS. The states eventually terminated the projects after spending a combined $38.5 million in federal funds. According to CMS officials, they rely largely on states to oversee systems projects. This perspective is consistent with a 2018 Office of Management and Budget (OMB) decision that federal information technology (IT) grants totaling about $9 billion annually would no longer be tracked on OMB's public web site on IT investment performance. Accordingly, the CMS and Health and Human Services chief information officers (CIO) are not involved in overseeing MMIS or E&E projects. Similarly, 21 of 47 states responding to GAO's survey reported that their state CIO had little or no involvement in overseeing their MMISs. Such non-involvement of officials with duties that should be heavily focused on successful acquisition and operation of IT projects could be hindering states' ability to effectively implement systems. To improve oversight, CMS has begun a new outcome-based initiative that focuses the agency's review of state funding requests on the successful achievement of business outcomes. However, as of February 2020, CMS had not yet established a timeline for including MMIS and E&E systems in the new outcome-based process. CMS had various initiatives aimed at reducing duplication of Medicaid systems (see table). Description and Status of Centers for Medicare and Medicaid Services Initiatives Aimed at Reducing Duplication by Sharing, Leveraging, and Reusing Medicaid Information Technology Initiative Description Implementation status Number of surveyed states reporting use of the initiative Reuse Repository Used by states to collect and share reusable artifacts. Made available in August 2017. As of January 2020, CMS was no longer supporting this initiative. 25 of the 50 reporting states Poplin Project Was to provide free, open-source application program interfaces for states to use in developing their modular Medicaid systems. Initiative never fully implemented. As of January 2020, CMS was no longer supporting this initiative. Three of the 50 reporting states Open Source Provider Screening Module Open-source module for states to use at no charge. Made available in August 2018. As of January 2020, CMS was no longer supporting this initiative. One of the 50 states reported attempting to use the module. Medicaid Enterprise Cohort Meetings A forum where states can discuss sharing, leveraging, and/or reuse of Medicaid technologies. As of January 2020, Cohort meetings were being held on a monthly basis. 47 of the 50 states reported participating in the meetings. Source: GAO analysis of agency data. | GAO-20-179 However, as of January 2020, the agency was no longer supporting most of these initiatives because they failed to produce the desired results. CMS regulations and GAO's prior work have highlighted the importance of reducing duplication by sharing and reusing Medicaid IT. To illustrate the potential for reducing duplication, 53 percent of state Medicaid officials responding to our survey reported using the same contractor to develop their MMIS. Nevertheless, selected states are taking the initiative to share systems or modules. Further support by CMS could result in additional sharing initiatives and potential cost savings. The Medicaid program is the largest source of health care funding for America's most at-risk populations and is funded jointly by states and the federal government. GAO was asked to assess CMS's oversight of federal expenditures for MMIS and E&E systems used for Medicaid. This report examines (1) the amount of federal funds that CMS has provided to state Medicaid programs to support MMIS and E&E systems, (2) the extent to which CMS reviews and approves states' funding requests for the systems and oversees the use of these funds, and (3) CMS's and states' efforts to reduce potential duplication of Medicaid IT systems. GAO assessed information related to MMIS and E&E systems, such as state expenditure data, federal regulations, and CMS guidance to the states for submitting funding requests, states' system funding requests, and IT project management documents. GAO also evaluated a generalizable sample of approved state funding requests from fiscal years 2016 through 2018 to analyze, among other things, CMS's review and approval process and conducted interviews with agency and state Medicaid officials. GAO also reviewed relevant regulations and guidance on promoting, sharing, and reusing MMIS and E&E technologies; and surveyed 50 states and six territories (hereafter referred to as states) regarding the MMIS and E&E systems, and assessed the complete or partial responses received from 50 states. GAO is making nine recommendations to improve CMS's processes for approving and overseeing the federal funds for MMIS and E&E systems and for bolstering efforts to reduce potential duplication. Among these recommendations are that CMS should develop formal, documented procedures that include specific steps to be taken in the advanced planning document review process and instructions on how CMS will document the reviews; develop, in consultation with the HHS and CMS CIOs, a documented, comprehensive, and risk-based process for how CMS will select IT projects for technical assistance and provide recommendations to assist states that is aimed at improving the performance of the systems; encourage state Medicaid program officials to consider involving state CIOs in overseeing Medicaid IT projects; establish a timeline for implementing the outcome-based certification process for MMIS and E&E systems; and identify, prior to approving funding for systems, similar projects that other states are pursuing so that opportunities to share, leverage, or reuse systems or system modules are considered. In written comments on a draft of this report, the department concurred with eight of the nine recommendations, and described steps it had taken and/or planned to take to address them. The department did not state whether it concurred with GAO's recommendation to encourage state officials to consider involving state CIOs in Medicaid IT projects. HHS stated that it was unable to discern evidence as to whether a certain structure contributed to a specific outcome. GAO believes, consistent with federal law, that CIOs are critically important to the success of IT projects. For more information, contact Vijay D’Souza at (202) 512-6240 or dsouzav@gao.gov.
    [Read More…]
  • Remarks by Deputy Attorney General Jeffrey A. Rosen on the 19th Anniversary of the September 11th Terrorist Attacks
    In Crime News
    Thank you, Lee.  The [Read More…]
  • West Virginia Woman Sentenced for Willful Retention of Top Secret National Defense Information and International Parental Kidnapping
    In Crime News
    Elizabeth Jo Shirley, of Hedgesville, West Virginia, was sentenced today to 97 months of incarceration for unlawfully retaining documents containing national defense information and 36 months of incarceration for international parental kidnapping. Shirley, 47, pleaded guilty to one count of willful retention of national defense information and one count of international parental kidnapping in July 2020. Shirley admitted to unlawfully retaining a National Security Agency (NSA) document containing information classified at the Top Secret/Secret Compartmented Information (TS/SCI) level relating to the national defense that outlines intelligence information regarding a foreign government’s military and political issues. Shirley also admitted to removing her child, of whom she was the non-custodial parent, to Mexico with the intent to obstruct the lawful exercise of the custodial father’s parental rights.
    [Read More…]