Health Net and Centene Settle $11M Cybersecurity Compliance Case with DoD

The healthcare contractors resolved allegations of falsely certifying cybersecurity compliance in managing TRICARE for U.S. servicemembers and their families.

• Health Net Federal Services (HNFS) and parent company Centene Corporation agreed to a $11.25 million settlement over alleged cybersecurity violations in their Department of Defense contract.
• The case involved HNFS's administration of TRICARE, the healthcare program for U.S. military personnel and their families, between 2015 and 2018.
• Federal allegations claim HNFS falsely certified compliance with cybersecurity requirements, including vulnerability scanning, patch management, and access controls.
• Investigations revealed HNFS ignored internal and third-party audit findings highlighting cybersecurity risks and failed to address known vulnerabilities on their systems.
• The settlement resolves the allegations without any admission of liability by HNFS or Centene, and no evidence of data breaches or theft was reported.

3 Articles

The Register U.S. Department of Justice U.S. Department of Justice