Health Net/Centene — TRICARE Cybersecurity Failures
Health Net Pays Over $11 Million for TRICARE Cybersecurity Failures
Source: U.S. Department of Justice
TL;DR: Health Net Pays Over $11 Million for TRICARE Cybersecurity Failures This case resulted in a $11.2 Million resolution and demonstrates the impact of whistleblower protections in recovering funds from fraud.
Summary
Health Net Federal Services Inc. and its parent company Centene Corporation agreed to pay over $11.2 million to resolve False Claims Act allegations that the company falsely certified compliance with cybersecurity requirements in its contract with the Department of Defense to administer TRICARE. DOJ alleged Health Net failed to timely scan for and remedy cybersecurity vulnerabilities, ignored reports from auditors about its cybersecurity risks, and falsely attested compliance with at least seven security controls.
Our Take
Healthcare cybersecurity cases often involve the gap between certification and reality—attesting to controls that aren't actually implemented or maintained. Insiders typically have access to audit findings that were ignored, vulnerability scan results, compliance reports showing known gaps, and communications about the pressure to certify despite known deficiencies. If you've seen cybersecurity attestations that don't match the actual security posture, preserve the audit trail and any acknowledgments of the gap.
Read the full article from the original source:
View Original ArticleOpens in a new tab. Content from U.S. Department of Justice.
Notice
The summaries above are based on publicly available information released by the U.S. Department of Justice and are provided for informational purposes only. They do not constitute legal advice, investigative findings, or allegations by Disclosure Strategy. Our commentary reflects general, experience-based observations about how False Claims Act matters commonly arise and is not a statement about any party's liability.