California-based Health Net Federal Services (HNFS), a subsidiary of St Louis-based Centene Corporation, has reached an agreement to pay $11,253,400 to resolve allegations of false cybersecurity compliance certifications.
According to the US Department of Justice (DoJ), the false cybersecurity certifications were used to comply with requirements in a US Department of Defense (DoD) contract to administer the Defense Health Agency’s (DHA) TRICARE health benefits program for servicemembers and their families.
HNFS failed to meet certain cybersecurity controls and falsely certified compliance with them in annual reports to DHA between 2015 and 2018, it is alleged.
The reports were required under HNFS’ contract with the DHA to administer the TRICARE program.
It is also alleged that HNFS failed to timely scan for known vulnerabilities and to remedy security flaws on its networks and systems, in accordance with its System Security Plan and the response times HNFS had established.
The firm is also accused of ignoring reports from third-party security auditors and its internal audit department of cybersecurity risks on HNFS’ networks and systems related to asset management; access controls; configuration settings; firewalls; end-of-life hardware and software in use; patch management; vulnerability scanning; and password policies.
“Companies that hold sensitive government information, including sensitive information of the nation’s servicemembers and their families, must meet their...
Diopsys Inc. has agreed to pay up to $14.25 million to resolve allegations it violated the federal False Claims Act and various Pennsylvania state laws by knowingly submitting or causing others to...