Anthem Inc., the worlds largest health care provider has refused a federal security audit of its internal systems from the Office of Inspector General (OIG), an independent office within the Office of Personnel Management (OPM), following the breach of tens of millions of Anthem customers last February.
The OIG and OPM offices provides audits, investigations and evaluations to health insurance carriers that provide benefits to federal employee’s
According to a statement from the OPM, OIG provided information to the watchdog group GovInfoSecurity, that the company recently contacted Anthem to propose a “partial audit” on the company’s systems this summer. The audit, something the company calls a “limited scope audit,” would have resulted in work that the group was prevented from performing last year in 2013, when the company had previously refused the audit as well.
“We have conducted vulnerability scans and configuration compliance tests at numerous health insurance carriers without incident,” the OIG wrote in a public statement. “We do not know why Anthem refuses to cooperate with the OIG.”
According to statements written by OPM, the only reason Anthem would cite them for declining the audit was exclusively due to “corporate policy.” The company was not open to further discussion regarding the refusal of OIG services.
Last week Anthem Inc. also announced that some 8.8 to 18.8 million additional non-Anthem customers who used their insurance in states where Anthem operates may have also been impacted in the massive breach.
The several million adds more victims to the already severe 78.8 million customers who had their data stolen as confirmed by the company last week.
Anthem has refused “standard vulnerability scans and configuration compliance tests” the OIG requested in aftermath of the breach that may have leaked nearly 100 million customers and non-customers personal health care information.