66 Journal of Regulatory Compliance Vol. I
other state and federal computer fraud laws.128 It has since been used to shield
government-connected computer systems from “trespassing, threats,
damage, espionage, and from being corruptly used as instruments of
CFAA encompasses the computer infrastructure of healthcare providers,
particularly because most providers submit claims to federal healthcare
programs and the integrity of those claims increasingly depends upon
computer-generated data.130 The Act is drafted in very broad terms with
numerous provisions, but generally it punishes any malicious actor who
“knowingly causes the transmission of a program, information, code, or
command, and as a result of such conduct, intentionally causes damage
without authorization, to a protected computer.”131 Violations for the
intentional transmission of malicious material—the conduct at issue in most
instances of cybercrime—are associated with severe penalties as follows:
1. Up to life imprisonment and a fine of $250,000 if the
defendant knowingly and recklessly causes a death
through the commission of the offense.132
2. Up to 20 years imprisonment and a fine of $250,000 if
the defendant knowingly or recklessly causes serious
bodily injury through the commission of the offense.133
3. Up to 10 years imprisonment and a fine of $250,000 if
a. causes a loss that over the course of a year
b. modifies, impairs, or could modify or impair the
medical examination, diagnosis, treatment, or
care of 1 or more individuals;
c. causes physical injury;
128. See Charles Doyle, Cybercrime: An Overview of the Federal Computer Fraud and
Abuse Statute and Related Federal Criminal Laws, CONG. RES. SERV. (Oct. 15, 2014),
129. Id. at 1
130. See id.
131. 18 U.S. C. § 1030(a)( 5) (2008).
132. Id. § 1030(c)( 4)(F) (2008).
133. Id. § 1030(c)( 4)(E) (2008).