A federal contractor that helps the U.S. army’s healthcare system pays $11 million to the federal government to settle allegations that it lied about assembly federal cybersecurity requirements — the newest penalty levied on a contractor as a part of a 2021 initiative to root out cyber-related fraud.
Well being Internet Federal Providers (HNFS) and its mother or father firm Centene Company agreed to pay the $11.2 million effective, though they dispute a number of the allegations.
In accordance with prosecutors, between 2015 and 2018 the corporate — which administered the Tricare healthcare program for 22 states — “falsely licensed compliance” with sure cybersecurity controls required of federal contractors. The corporate allegedly did not scan for identified vulnerabilities in a well timed style and to handle safety flaws on its networks.
The Justice Division additionally accused the corporate of ignoring inside and third-party studies about dangers on its networks associated to issues like patch administration, password insurance policies, end-of-life {hardware} and software program and configuration settings.
The settlement settlement is part of the DOJ’s Civil Cyber-Fraud Initiative, introduced in October 2021, which places a highlight on federal contractors to make sure they’re adhering to cybersecurity guidelines. It falls underneath the auspices of an 1863 legislation, the False Claims Act, that created civil penalties for misrepresenting the standard of companies supplied to the federal government.
In June 2024, the DOJ reached an $11.3 million settlement with the federal contractors Guidehouse Inc. and Nan McKay and Associates for failing to correctly take a look at the cybersecurity of a system for offering monetary help in New York throughout the COVID-19 pandemic.
Final October, Penn State College was fined $1.25 million for failing to stick to safety requirements and for not addressing the problems after they had been recognized, and in August the U.S. filed go well with towards Georgia Institute of Know-how after a whistleblower criticism.
A DOJ official beforehand advised Recorded Future Information that the initiative was a part of the Biden administration’s efforts at “incentivizing and shaping the market forces” behind corporations’ cybersecurity choices.
“Firms that maintain delicate authorities data, together with delicate data of the nation’s servicemembers and their households, should meet their contractual obligations to guard it,” stated appearing Assistant Lawyer Common Brett Shumate in an announcement in regards to the settlement with HNFS.
“We’ll proceed to pursue realizing violations of cybersecurity necessities by federal contractors and grantees to guard Individuals’ privateness and financial and nationwide safety.”
Recorded Future
Intelligence Cloud.
