Managed healthcare defense contractor to pay $11 million over alleged cyber failings therecord.media/managed-h…
A federal contractor that supports the U.S. military’s healthcare system will pay $11 million to the government to settle allegations that it lied about meeting federal cybersecurity standards — the latest penalty levied on a contractor as part of a 2021 initiative to root out cyber-related fraud.
Health Net Federal Services (HNFS) and its parent company Centene Corporation agreed to pay the $11.2 million fine, although they dispute some of the allegations.
According to prosecutors, between 2015 and 2018 the company — which administered the Tricare healthcare program for 22 states — “falsely certified compliance” with certain cybersecurity controls required of federal contractors. The company allegedly failed to scan for known vulnerabilities in a timely fashion and to address security flaws on its networks.
The Justice Department also accused the company of ignoring internal and third-party reports about risks on its networks related to things like patch management, password policies, end-of-life hardware and software, and configuration settings.