A U.S. healthcare provider was fined by the federal government for lying about its cybersecurity qualifications.The U.S. Department of Justice said that Health Net Federal Services, LLC and Centene Corporation will pay a combined $11,253,400 to settle the allegations.The case stems from allegations that Health Net and its subsidiaries took on contracts to handle the health records of service members and veterans without having the proper protections in place to protect that information from outside attackers between the years 2015 and 2018.In short, the allegations are that Health Net and its subcontractors lied about the extent to which they could provide secure encryptions and network protections for the personnel files they were contracted to handle.“Companies that hold sensitive government information, including sensitive information of the nation’s service members and their families, must meet their contractual obligations to protect it,” Brett A. Shumate, acting assistant attorney general for the Justice Department’s Civil Division.“We will continue to pursue knowing violations of cybersecurity requirements by federal contractors and grantees to protect Americans’ privacy and economic and national security.”According to the government’s allegations, Health Net falsified certifications that were required to comply with securing the personal information of service members under the government’s TRICARE program, the health benefits program for military personnel and their families.Those qualifications included the secure encryption and handling of medical records of service members and their families. It was found that the third-party providers failed to live up to their end of the bargain by maintaining normal security scans and remediating published vulnerability reports and patch releases.This resulted in a number of American service members and their families being exposed to threat actors who would look to exploit their personal information.“Safeguarding sensitive government information, particularly when it relates to the health and well-being of millions of service members and their families, is of paramount importance,” said Michele Beckwith, acting attorney general for the Eastern District of California where the case is being prosecuted.“When HNFS failed to uphold its cybersecurity obligations, it didn’t just breach its contract with the government, it breached its duty to the people who sacrifice so much in defense of our nation.”
