Company conducted traditional security scans and addressed already-published vulnerabilities.
U.S. healthcare contractor Health Net Federal Services (HNFS) and its parent company Centene Corporation have been ordered to pay more than $11.25 million to resolve allegations of falsified cybersecurity certifications.
According to SC US, despite having been required to implement secure encryption mechanisms for managing the medical records of military personnel and their families - as part of the U.S. government's TRICARE program - HNFS only conducted traditional security scans and addressed already-published vulnerabilities between 2015 and 2018.
The U.S. Department of Justice said this exposed individuals' personal data to significant cybersecurity risk.
Brett Shumate, acting assistant attorney general at the Justice Department Civil Division, said: "Companies that hold sensitive government information, including sensitive information of the nation's service members and their families, must meet their contractual obligations to protect it."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.