Health insurer Anthem has denied a federal watchdog permission to scan the company’s networks, following the massive data breach that exposed the sensitive information of nearly 80 million customers.
The inspector general (IG) for the Office of Personnel Management (OPM) said in a statement to GovInfoSecurity that Anthem had previously refused to allow routine inspections of its systems.
{mosads}The IG had wanted to return this summer to complete its scan.
“What we had attempted to schedule for the summer of 2015 was a sort of ‘partial audit’ — what we call a ‘limited scope audit’ — that would have consisted only of the work we were prevented from conducting in 2013,” said a representative for the inspector general. “This is the second time that Anthem has refused to permit us to perform our standard vulnerability scans and configuration compliance tests.”
OPM regularly audits and issues reports on insurers providing health plans to federal employees.
“We have conducted vulnerability scans and configuration compliance tests at numerous health insurance carriers without incident,” the IG’s office said. “We do not know why Anthem refuses to cooperate with the [IG].”
Insurers are not always required to allow the audit. The government can, however, alter its contract with health insurers to mandate full audits. The IG said it would be trying to amend its Anthem contract.
Anthem has been mum on why it refused to allow the full inspection. The IG said “the reason cited is ‘corporate policy.'”
The recent Anthem hack, which compromised sensitive data including Social Security numbers, is seen as the largest ever breach at a health insurer.