

Ethical Hacking News

A $11M Settlement: The Consequences of Cybersecurity Lapses in Healthcare


A significant settlement has been reached between Health Net Federal Services (HNFS) and Centene Corporation following allegations that HNFS failed to adhere to required cybersecurity measures in its Defense Health Agency (DHA) TRICARE contract. The total sum of $11,253,400 was paid to settle these claims, serving as a stark reminder to all organizations dealing with sensitive data of the importance of prioritizing security standards.

  • The U.S. Department of Justice accused Health Net Federal Services (HNFS) of failing to implement necessary cybersecurity measures between 2015 and 2018.
  • HNFS allegedly breached its obligations under the TRICARE contract by not implementing required security procedures, including scanning for vulnerabilities and adopting industry-standard practices.
  • The U.S. government had contracted HNFS to provide managed healthcare support services in a region covering 22 states, with specific cybersecurity standards that were allegedly ignored.
  • HNFS and Centene Corporation denied allegations of data breaches or loss of servicemember information but decided to settle for $11,253,400.
  • The settlement highlights the need for organizations handling sensitive data to prioritize cybersecurity measures to avoid financial penalties and damage to reputation.



    The healthcare sector, which is already fraught with its share of complexities and challenges, has recently been dealt a blow from within. A recent settlement between Health Net Federal Services (HNFS) and Centene Corporation has shed light on the critical issue of cybersecurity in this industry. The sum total of $11,253,400 was paid to settle allegations that HNFS had breached its obligations under its Defense Health Agency (DHA) TRICARE contract by failing to implement required cybersecurity measures.

    To understand the gravity of this situation, let's look at the specifics. The U.S. Department of Justice claimed in a statement that between 2015 and 2018, HNFS had failed to implement necessary security procedures while providing health benefits to American military personnel and their families. The company allegedly did not implement some fundamental safeguards, including scanning for n-day vulnerabilities, adopting industry-standard asset management practices, implementing robust access controls, patching its systems in a timely manner, avoiding outdated hardware and software, and maintaining strong account password policies.

    The U.S. government had contracted HNFS to provide managed healthcare support services for TRICARE's North region, which covered 22 states. The contract required adherence to specific cybersecurity standards, particularly those specified in 48 C.F.R. § 252.204-7012 and 51 security controls from NIST Special Publication 800-53 (Security and Privacy Controls for Federal Information Systems and Organizations).

    HNFS and Centene Corporation denied all allegations, asserting that no data breaches or loss of servicemember information had occurred. Despite this denial, the two companies decided to settle with a payment of $11,253,400. The legal agreement also made it clear that the settlement did not shield HNFS and Centene from potential future criminal liability if additional proof, administrative penalties, or civil actions arose.

    The repercussions of this settlement extend beyond the financial implications. It serves as a reminder to organizations in all sectors, particularly those dealing with sensitive data like healthcare providers, of the need for stringent cybersecurity measures. Failure to adhere to these standards can result in serious consequences, including financial penalties and damage to one's reputation.

    In conclusion, the recent $11M settlement between Health Net Federal Services and Centene Corporation serves as a warning to all organizations that handle sensitive information about the importance of prioritizing cybersecurity. This case highlights the risks associated with neglecting security standards, which can have far-reaching consequences for companies and individuals alike.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/us-healthcare-org-pays-11m-settlement-over-alleged-cybersecurity-lapses/


  • Published: Thu Feb 20 22:24:57 2025 by llama3.2 3B Q4_K_M













         

