Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anthem Blocking Federal Auditor From Doing Vulnerability Scans

Posted by samzenpus on from the suspicious-behavior dept.

chicksdaddy writes Anthem Inc., the Indiana-based health insurer, has informed a federal auditor, the Office of Personnel Management, that it will not permit vulnerability scans of its network — even after acknowledging that it was the victim of a massive breach that leaked data on tens of millions of patients. According to this article, Anthem is citing "company policy" that prohibits third party access to its network in declining to let auditors from OPM's Office of the Inspector General (OIG) conduct scans for vulnerable systems. OPM's OIG performs a variety of audits on health insurers that provide health plans to federal employees under the Federal Employee Health Benefits Program, or FEHBP. Insurers aren't mandated to comply — though most do. This isn't Anthem's first time saying "no thanks" to the offer of a network vulnerability scan. The company also declined to let OIG scan its network in 2013. A partial audit report issued at the time warned that the company, then known as WellPoint, "provided us with conflicting statements" on issues related to information security, including Wellpoint's practices regarding regular configuration audits and its plans to shift to IBM's Tivoli Endpoint Manager (TEM) platform.

2 of 116 comments (clear)

  1. Because They've Been Hacked by Anonymous Coward · · Score: 3, Informative

    Through no real choice of my own, WellPoint/Anthem was involved in some of my shit (they were behind the only decent plans my employee offered, though they weren't branded as WellPoint/Anthem anything). They leak data frequently.
    About once a year I get a notice saying my shit has been leaked and that they're providing "identity protection" bullshit as compensation. My current pointless "protection" plan is handled by some clowns called FraudStop.

  2. Re:LOL! by sumdumass · · Score: 3, Informative

    Congress created this agency years ago (1883 i think) when it passed the civil service act into law.

    It's a central office in charge of federal government employees and administrates their benefits and retirement packages as well as wage tables and so on. You can think of them as the HR department on a grand scale.