Health Net Federal Services (HNFS) has agreed to pay $11.25 million to resolve allegations that it did not comply with cybersecurity requirements in its contract with the U.S. Department of Defense (DoD). The settlement addresses claims that HNFS falsely certified its adherence to mandated security controls while managing the TRICARE health program for military personnel and their families.
The U.S. Department of Justice (DOJ) announced that between 2015 and 2018, HNFS failed to implement specific cybersecurity measures required under its contract with the Defense Health Agency. These deficiencies included not conducting timely scans for known vulnerabilities, not addressing security flaws in its networks and systems promptly, and disregarding findings from both third-party security auditors and internal assessments.
This settlement underscores the importance of strict compliance with cybersecurity protocols, especially when handling sensitive information related to national defense and personal health data. The DOJ emphasized that contractors must adhere to their commitments to protect such information, and failure to do so can result in significant financial and reputational consequences.
Health Net Federal Services has not admitted to any wrongdoing as part of the settlement but has agreed to enhance its cybersecurity practices to prevent future issues. This case highlights the federal government’s ongoing efforts to ensure that contractors maintain robust cybersecurity standards to safeguard critical information.
Explore the newest supply chain news at The Supply Chain Report. Visit ADAMftd.com for free international trade tools.
#HealthNetFederalServices #CybersecurityCompliance #DOJSettlement #DefenseContractors #TRICARE #DataSecurity #MilitaryHealthcare #CyberRisk #FederalContracting #CyberThreats #DODCybersecurity #HealthcareData #SecurityBreach #GovernmentContracts
