Rancho Cordova subsidiary to pay $11.25M after government alleges cybersecurity flaws

Centene Corporation agreed to pay $11.25 million to resolve allegations that a Rancho Cordova-based subsidiary failed to comply with cybersecurity requirements while managing military health plans.

The settlement resolves allegations that the subsidiary, Health Net Federal Services, falsely reported that it was in compliance with cybersecurity measures in a contract with TRICARE, the military health insurance program, between 2015 and 2018.

The U.S. Attorney’s office for California’s Eastern District announced the no-fault agreement with the Clayton, Missouri-based health insurer on Tuesday.

The government alleged that the company failed to fix security flaws in its systems or scan for known vulnerabilities in a timely manner. It also alleged that the company ignored reports of cybersecurity risks from its internal audit department and from third-party security auditors. It alleged that the company’s reimbursement claims for the contract were false, regardless of whether any service members’ health information was compromised, because it failed to meet the cybersecurity requirements.

In a statement, Health Net Federal Services said it has administered TRICARE plans for more than 35 years, and protecting service members’ health information is “paramount.” The company said there was no breach or loss of service members’ health information.

Health Net Federal Services was awarded the federal contract to manage health coverage for TRICARE’s north region, which covered parts of 22 states, in 2010. Centene acquired the subsidiary’s parent company, Health Net, in a $6 billion deal in 2016.

As part of the agreement, Centene denied the allegations.

©2025 The Sacramento Bee. Visit sacbee.com. Distributed by Tribune Content Agency, LLC.