Health Net Federal Services Settles Cybersecurity Compliance Allegations for Over $11 Million

Health Net Federal Services to Pay Over $11 Million for Cybersecurity Violations

In a significant settlement, Health Net Federal Services, LLC (HNFS) and its parent company, Centene Corporation, have agreed to pay $11.25 million to resolve allegations of falsely certifying compliance with cybersecurity requirements under a contract with the U.S. Department of Defense (DoD). This case underscores the increasing scrutiny on cybersecurity practices among government contractors, particularly those handling sensitive information.

Based in Rancho Cordova, California, HNFS was responsible for administering the Defense Health Agency’s (DHA) TRICARE health benefits program, which provides essential medical services to U.S. servicemembers and their families. The U.S. Department of Justice (DOJ) accused HNFS of failing to meet required cybersecurity standards between 2015 and 2018, including neglecting to scan for known vulnerabilities and address security flaws in a timely manner.

Acting Assistant Attorney General Brett A. Shumate emphasized the critical nature of cybersecurity compliance, stating, “Companies that hold sensitive government information must meet their contractual obligations to protect it.” The DOJ’s findings revealed multiple failures, including inadequate access controls, poor patch management, and the use of outdated technology, all of which heightened the risk of unauthorized access to sensitive data.

The settlement serves as a stark reminder to federal contractors about the importance of adhering to cybersecurity regulations. As cyber threats evolve, government agencies are ramping up enforcement measures to ensure that companies entrusted with sensitive data prioritize robust security practices.

With this settlement, HNFS and Centene Corporation are not only addressing past compliance failures but also reinforcing the message that cybersecurity is a non-negotiable aspect of government contracting. As regulatory oversight intensifies, companies must strengthen their cybersecurity frameworks to safeguard sensitive information against emerging threats.