A federal contractor that supports the U.S. military’s healthcare system will pay $11 million to the government to settle allegations that it lied about meeting federal cybersecurity standards — the latest penalty levied on a contractor as part of a 2021 initiative to root out cyber-related fraud.
Health Net Federal Services (HNFS) and its parent company Centene Corporation agreed to pay the $11.2 million fine, although they dispute some of the allegations.
According to prosecutors, between 2015 and 2018 the company — which administered the Tricare healthcare program for 22 states — “falsely certified compliance” with certain cybersecurity controls required of federal contractors. The company allegedly failed to scan for known vulnerabilities in a timely fashion and to address security flaws on its networks.
The Justice Department also accused the company of ignoring internal and third-party reports about risks on its networks related to things like patch management, password policies, end-of-life hardware and software and configuration settings.
The settlement agreement is part of the DOJ’s Civil Cyber-Fraud Initiative, announced in October 2021, which puts a spotlight on federal contractors to ensure they are adhering to cybersecurity rules. It falls under the auspices of an 1863 law, the False Claims Act, that created civil penalties for misrepresenting the quality of services provided to the government.
In June 2024, the DOJ reached an $11.3 million agreement with the...
Pro Football Hall of Famer and sports media personality Shannon Sharpe has been accused of raping a woman he had been in a consensual sexual relationship with in a lawsuit filed Sunday night in Cl...