US watchdog: Anthem snubbed our security audits before and after enormous hack attack

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2015/03/05/us_watchdog_anthem_audits/

By Shaun Nichols
The Register
5 Mar 2015

A year or so before American health insurer Anthem admitted it had been 
ruthlessly ransacked by hackers, a US federal watchdog had offered to 
audit the giant's computer security – but was rebuffed.

And, after miscreants looted Anthem's servers and accessed up to 88.8 
million private records, the watchdog again offered to audit the insurer's 
systems, and was again turned away.

"We do not know why Anthem refuses to cooperate," government officials 
told The Register today.

The Office of the Inspector General (OIG) for the US Office of Personnel 
Management (OPM) told us it wanted to audit Anthem's information security 
protections back in 2013, but was snubbed by the insurer.

According to the agency, Anthem participates in the US Federal Employees 
Health Benefits Program, which requires regular audits from the OIG, 
audits that Anthem allegedly thwarted. Other health insurers submit to 
Uncle Sam's audits "without incident," we're told.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/