Health Insurers Agree to Pay $11.25 Million After Government Alleges Cybersecurity Shortcomings

A Missouri-based health insurance company and its California-based subsidiary have agreed to pay $11.25 million to settle allegations that the subsidiary did not comply with cybersecurity requirements while managing the health insurance program for servicemembers and their families. The subsidiary allegedly failed to remedy cybersecurity issues in its systems or check for known vulnerabilities and ignored internal and third-party auditors’ reports of cybersecurity risks. The government also alleged that between 2015 and 2018, the subsidiary falsely certified its compliance with cybersecurity requirements mandated by the governmental contract when it submitted its annual reports. The subsidiary noted that no data breach or loss of members’ health information occurred.

This kind of penalty underscores the serious financial and reputational risks companies face when they neglect cybersecurity compliance—especially in regulated sectors like health insurance. If you’re in that space, it’s a reminder that cybersecurity isn’t optional anymore.
