The U.S. Department of Justice (DOJ) announced on February 18 that Health Net Federal Services, LLC and its corporate parent, Centene Corporation, agreed to pay $11,253,400 to resolve False Claims Act (FCA) claims. Health Net, a federal contractor responsible for administering TRICARE, allegedly falsely certified compliance with cybersecurity requirements in its contract with the U.S. Department of Defense (DOD). TRICARE is the health benefits plan for service members and their families.
The government alleged that between 2015 and 2018, Health Net failed to implement required cybersecurity controls and falsely claimed otherwise to the DOD’s Defense Health Agency; ignored internal and external cybersecurity reports identifying risk areas; and failed to properly scan for and remediate known vulnerabilities. As a result, the DOJ claimed that Health Net not only breached its contract with the government and violated the FCA, but also risked the exposure of sensitive information.
The government also emphasized its intention to keep cybersecurity at the forefront of its enforcement efforts. In its press release, a DOJ lawyer said, “We will continue to pursue knowing violations of cybersecurity requirements by federal contractors and grantees to protect Americans’ privacy and economic and national security.”
Sign up to receive Rivkin Rounds at www.RivkinRounds.com.