OPM OIG: Anthem snubbed our security audits before and after enormous hack attack
Shaun Nichols reports:
A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed.
And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s systems, and was again turned away.
No real surprise there, as now that everyone’s suing them, why would they want an audit that could become more fodder for litigation?
But why did they decline last year?
“We do not know why Anthem refuses to cooperate,” government officials told The Register today.
The Office of the Inspector General (OIG) for the US Office of Personnel Management (OPM) told us it wanted to audit Anthem’s information security protections back in 2013, but was snubbed by the insurer.
According to the agency, Anthem participates in the US Federal Employees Health Benefits Program, which requires regular audits from the OIG, audits that Anthem allegedly thwarted. Other health insurers submit to Uncle Sam’s audits “without incident,” we’re told.
Read more on The Register.
Will Anthem live to regret its decision not to permit an audit last year? And will HHS/OCR take that refusal into account in its own investigation of the Anthem breach?