Health Net and Centene Settle $11M Cybersecurity Compliance Case with DoD
The healthcare contractors resolved allegations of falsely certifying cybersecurity compliance in managing TRICARE for U.S. servicemembers and their families.
- Health Net Federal Services (HNFS) and parent company Centene Corporation agreed to a $11.25 million settlement over alleged cybersecurity violations in their Department of Defense contract.
- The case involved HNFS's administration of TRICARE, the healthcare program for U.S. military personnel and their families, between 2015 and 2018.
- Federal allegations claim HNFS falsely certified compliance with cybersecurity requirements, including vulnerability scanning, patch management, and access controls.
- Investigations revealed HNFS ignored internal and third-party audit findings highlighting cybersecurity risks and failed to address known vulnerabilities on their systems.
- The settlement resolves the allegations without any admission of liability by HNFS or Centene, and no evidence of data breaches or theft was reported.