Anthem Refuses Federal Security Audit Following Breach


Anthem Inc., the worlds largest health care provider has refused a federal security audit of its internal systems from the Office of Inspector General (OIG), an independent office within the Office of Personnel Management (OPM), following the breach of tens of millions of Anthem customers last February.

The OIG and OPM offices provides audits, investigations and evaluations to health insurance carriers that provide benefits to federal employee’s

According to a statement from the OPM, OIG provided information to the watchdog group GovInfoSecurity, that the company recently contacted Anthem to propose a “partial audit” on the company’s systems this summer. The audit, something the company calls a “limited scope audit,” would have resulted in work that the group was prevented from performing last year in 2013, when the company had previously refused the audit as well.

“We have conducted vulnerability scans and configuration compliance tests at numerous health insurance carriers without incident,” the OIG wrote in a public statement. “We do not know why Anthem refuses to cooperate with the OIG.”

According to statements written by OPM, the only reason Anthem would cite them for declining the audit was exclusively due to “corporate policy.” The company was not open to further discussion regarding the refusal of OIG services.

Last week Anthem Inc. also announced that some 8.8 to 18.8 million additional non-Anthem customers who used their insurance in states where Anthem operates may have also been impacted in the massive breach.

The several million adds more victims to the already severe 78.8 million customers who had their data stolen as confirmed by the company last week.

Anthem has refused “standard vulnerability scans and configuration compliance tests” the OIG requested in aftermath of the breach that may have leaked nearly 100 million customers and non-customers personal health care information.

About Author

Brandon Stosh

Brandon Stosh is the founder and CEO of Stosh is a cyber security researcher and professional consultant who strives to provide reliable news on cyber-security based topics.

Leave A Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Send this to a friend