BLOG / 🇺🇸 United States · · daily

Federal IT & Cybersecurity Contracts — May 30, 2026

Federal IT & Cybersecurity Contracts

By Gunpowder Editorial ·

2 total filings analysed

Executive Summary

The two contracts in this digest total $145.0 million in obligations, both awarded by the Department of Health and Human Services (HHS) with zero defense-related content, underscoring a civilian health IT theme.

The largest award is an $81.5 million firm-fixed-price delivery order to Lantana Consulting Group for CDC adverse drug event surveillance analytics, with $52.5 million already outlayed, signaling strong execution and low cancellation risk. The second award is a $63.5 million BPA call to ESIMPLICITY Inc for Salesforce and API development support at CMS, with potential total value of $193.3 million through 2029, though future orders depend on agency needs. The highest-conviction signal is the sustained federal investment in health data analytics and IT modernization, but a key risk is that both contracts are fixed-price, transferring cost risk to contractors, and ESIMPLICITY's BPA structure introduces option execution uncertainty.

Materiality, sentiment, and priority are scored by Gunpowder’s analysis pipeline. How we score filings →

Tracking the trend? Catch up on the prior Federal IT & Cybersecurity Contracts digest from May 23, 2026.

Investment Signals (3)

  • Lantana Consulting Group's $81.5M CDC Award Shows Strong Execution in Health Analytics (MEDIUM)

    The $81.5 million firm-fixed-price delivery order to Lantana Consulting Group for CDC adverse drug event surveillance has $52.5 million already outlayed, indicating high performance and low cancellation risk, with stable funding under HHS.

  • ESIMPLICITY Inc's $63.5M CMS BPA Call Signals Agency Commitment to IT Modernization (MEDIUM)

    The $63.5 million obligated BPA call to ESIMPLICITY Inc for Salesforce and API development at CMS, with potential total of $193.3 million, shows strong agency commitment to cloud/Salesforce modernization despite budget uncertainty.

  • Fixed-Price Contracts Transfer Cost Risk to Both Lantana and ESIMPLICITY (HIGH)

    Both contracts are firm-fixed-price, transferring cost overrun risk to the contractors; for ESIMPLICITY, the services focus (IT labor) reduces execution risk, but for Lantana, the analytics scope carries medium risk if data complexity increases.

Risk Flags (3)

  • Execution [MEDIUM RISK]

    ESIMPLICITY Inc's $63.5M BPA call is a BPA call rather than a base contract, meaning future orders depend on agency needs; only $47.5M has been outlayed so far, leaving $16.0M at risk of not being funded.

  • Concentration [MEDIUM RISK]

    Both contracts are concentrated within HHS (CDC and CMS), exposing investors to civilian agency budget risk, especially if HHS faces sequestration or continuing resolution impacts.

  • Competition [LOW RISK]

    Both contracts were awarded under full-and-open competition with no set-aside, indicating Lantana and ESIMPLICITY won on merit but face potential pricing pressure from larger competitors in future re-competes.

Opportunities (2)

  • Sustained federal investment in health data analytics and IT modernization at HHS, as evidenced by Lantana's $81.5M CDC award and ESIMPLICITY's $63.5M CMS award, creates growth opportunities for small and mid-cap IT services firms focused on health IT.

  • ESIMPLICITY Inc's status as a woman-owned 8(a) firm winning a full-and-open competition suggests that small businesses with specialized capabilities (Salesforce/API) can compete effectively, potentially leading to M&A interest from larger defense IT firms.

Sector Themes (2)

  • Both contracts support HHS digital transformation: Lantana's CDC award for adverse drug event surveillance analytics and ESIMPLICITY's CMS award for Salesforce/API development on the CQP platform, totaling $145.0 million in obligations.

  • Both Lantana Consulting Group (small business) and ESIMPLICITY Inc (8(a)/WOSB) won full-and-open competitions without set-asides, demonstrating that small firms can compete against larger primes in health IT analytics and cloud services.

Watch List (3)

  • 👁

    {"entity"=>"Lantana Consulting Group", "reason"=>"The $81.5M CDC contract has $52.5M already outlayed, but the remaining $29M is at risk if CDC funding priorities shift; watch for modifications or extensions beyond 2027.", "trigger"=>"CDC task order obligations to confirm remaining $29M funding; any contract modification announcements"}

  • 👁

    {"entity"=>"ESIMPLICITY Inc", "reason"=>"The $63.5M CMS BPA call has only $47.5M outlayed, and future orders depend on agency needs; option exercises in 2026 will be critical for revenue visibility.", "trigger"=>"Option exercise announcements in 2026; any news of ESIMPLICITY going public or being acquired"}

  • 👁

    {"entity"=>"HHS Budget", "reason"=>"Both contracts are civilian HHS awards, making them vulnerable to budget uncertainty, continuing resolutions, or sequestration affecting CDC and CMS funding.", "trigger"=>"FY2026 HHS appropriations bill; continuing resolution timeline; NDAA provisions affecting civilian agency budgets"}

Get daily alerts with 3 investment signals, 3 risk alerts, 2 opportunities and full AI analysis of all 2 filings

$30/mo after a 14-day free trial — no credit card required. See pricing or explore intelligence streams.

More from: Federal IT & Cybersecurity Contracts

🇺🇸 More from United States

View all →