Anthem Blocking Federal Auditor From Doing Vulnerability Scans
chicksdaddy writes Anthem Inc., the Indiana-based health insurer, has informed a federal auditor, the Office of Personnel Management, that it will not permit vulnerability scans of its network — even after acknowledging that it was the victim of a massive breach that leaked data on tens of millions of patients. According to this article, Anthem is citing "company policy" that prohibits third party access to its network in declining to let auditors from OPM's Office of the Inspector General (OIG) conduct scans for vulnerable systems. OPM's OIG performs a variety of audits on health insurers that provide health plans to federal employees under the Federal Employee Health Benefits Program, or FEHBP. Insurers aren't mandated to comply — though most do. This isn't Anthem's first time saying "no thanks" to the offer of a network vulnerability scan. The company also declined to let OIG scan its network in 2013. A partial audit report issued at the time warned that the company, then known as WellPoint, "provided us with conflicting statements" on issues related to information security, including WellPoint's practices regarding regular configuration audits and its plans to shift to IBM's Tivoli Endpoint Manager (TEM) platform.
"Anthem is citing 'company policy' that prohibits third party access to its network in declining to let auditors from OPM's Office of the Inspector General (OIG) conduct scans for vulnerable systems."
Seems a little late for that now, doesn't it?
I think they already allowed third party access. What's a few more.
Anthem is an obvious corporate risk; shut them down. Then put all of their clients on Obama Care.
I work for a large multinational in the human capital management space and we let a select number of our customers do penetration testing. Our customers range from Fortune 500 to government agencies in the US and EU. It is not an unheard-of practice, and I would argue it is quite common for these requests to come up, especially during contract negotiations.
My little firm can't afford stuff like that. So we outsource our testing to China and Russia - they charge a lot less.
Seems like they're always falling over each other to try and accommodate us.
Faster! Faster! Faster would be better!