Anthem, the nation’s second-largest health insurer, which announced in February a breach that compromised 78.8 million customer records and an additional 8.8 and 18.8 million individuals (Blue Cross Blue Shield customers who may have used their insurance in states where Anthem operates), has declined an audit from the Office of Inspector General (OIG), an office within the U.S. Department of Health & Human Services. This is not the first time that Anthem has turned down such an audit.
Tim Erlin, Director, Product Management, Security and IT Risk Strategist for Tripwire, says: “Insurers providing services to Federal employees should be subject to security audits by the government, and they shouldn’t have a choice in the matter. There’s an existing model of oversight in place today between the Centers for Medicare and Medicaid Services and their third-party contractors with similar requirements. While no model of oversight and audit is perfect, it is possible to establish a system and improve it iteratively in partnership with private industry. Without facts to the contrary, it’s hard not to interpret the motivation behind Anthem’s refusal as an attempt to avoid embarrassment. Regardless of the motive, declining an audit from OPM for the second time, following a massive breach, makes headlines.”