Recently it has been revealed that Anthem blocked the U.S. Office of Personnel Management’s Office of the Inspector General to run vulnerability scans and tests following the disclosure that the health insurer suffered a massive data breach.
In 2013 Anthem allowed OIG to audit their systems, which “found that the healthcare agency did not conduct routine vulnerability scans and did not put sufficient controls in place to prevent rogue devices from connecting to the network.” Since then Anthem has denied OIG access to their systems, stating “it was denying access because of a policy that prohibited external entities from connecting to its network. Anthem recently reiterated that auditors would not be permitted to conduct vulnerability scans.”