Although the change in administrations has heralded shifting enforcement priorities at the U.S. Department of Justice (DOJ), cybersecurity enforcement under the False Claims Act (FCA) appears to be alive and well. That is the takeaway from the recent DOJ announcement that Health Net Federal Services and its parent, Centene Corporation, have agreed to pay over US$11 million to resolve a FCA matter alleging cybersecurity violations.
According to DOJ, Health Net entered into a contract with the Department of Defense to administer the Defense Health Agency’s TRICARE health benefits program. Health Net allegedly failed to meet certain cybersecurity controls as part of its government contract and falsely certified compliance with those requirements in annual reports to the government. The government alleged that the company failed to timely scan for known vulnerabilities and to remedy security flaws on its networks and systems. In addition, according to the government, Health Net allegedly ignored reports from third-party security auditors and its own audit department regarding cybersecurity risks on the company’s networks and systems. Those risks related to, among other things, asset management, firewalls, patch management, and password policies. The government alleged that, as a result of these purported failures, the company’s claims for reimbursement under the contract were false, even if there was not any exfiltration or compromise of data or...
JD Vance Accuses Bass and Newsom of Inciting Violence *During a tense visit to Los Angeles on Friday (06-20-25), Vice President JD Vance accused California Governor Gavin Newsom and Los Angeles Ma...