Hill ASC Inc., a Maryland-based information technology contractor, has reached a notable settlement of $14.75 million to address allegations related to improper billing practices under the False Claims Act. The settlement is a response to accusations of unauthorized cybersecurity services billed to federal agencies, which were performed outside the approved scope of Hill ASC’s General Services Administration (GSA) Multiple Award Schedule contract.
These services, critical to national security, lacked necessary prior technical evaluations and verification against established standards such as the National Institute of Standards and Technology (NIST) and the Federal Information Security Modernization Act (FISMA). This settlement underscores the importance of contractor integrity in federal cybersecurity efforts. Furthermore, the allegations highlighted the detrimental effects that inadequately qualified IT staff can have on national security when proper oversight is not maintained.
Critical cybersecurity services were performed without essential evaluations or compliance with NIST and FISMA standards.
In addition to unauthorized billing, the company invoiced the government for IT personnel who did not meet the contract’s stipulated qualifications. The lack of proper vetting exposed systems to zero-day vulnerabilities that could have resulted in severe financial consequences. Such practices represent a severe breach of contract terms and federal acquisition regulations, further compromising the integrity of the GSA’s pricing schedules. The presence of unqualified staff on federal IT projects potentially jeopardized both performance and cybersecurity.
The allegations furthermore included billing for unapproved fees and inflated overhead costs, alongside the failure to disclose prompt payment discounts mandated by the Federal Acquisition Regulation (FAR). The misrepresentation of costs, including unallowable incentive compensation, indicated a systematic approach to contravening government contracting standards.
These actions risked undermining the government’s ability to evaluate and award contracts based on accurate cost assessments and best-value principles.
The investigation involved the collaborative efforts of multiple federal entities, including the Department of Justice, GSA, Treasury Office of Inspector General, and the Treasury Inspector General for Tax Administration.
The Justice Department has reiterated its commitment to hold contractors accountable for failing to meet contractual obligations, sending a clear message about the seriousness of compliance within the cybersecurity sector. Moving forward, Hill ASC may face increased scrutiny, and this settlement serves as a cautionary tale for other contractors regarding adherence to federal regulations in cybersecurity and beyond.
