Update: 11:30 a.m. ET: Health Data Management reports that Anthem Inc. is refusing to comply with a security audit request from the U.S. Office of Personnel Management (OPM) Inspector General Office (OIG). The request comes after the data breach detailed below.
Because Anthem participates in the Federal Employees Health Benefits Program, which is managed by the OPM, they are subject to these external audits.
Anthem refused the standard vulnerability scans and configuration compliance tests, citing the audit conflict with a corporate policy prohibiting external entities from connecting to the Anthem network. In attempts to supplement their audit, OPM tried to obtain additional information about Anthem’s internal practices but received conflicting statements about their procedures.
This is the second time the organization has refused an audit request from the OPM inspector general. The first refusal came this summer before their breach was discovered. Following the initial refusal OPM adjusted the FEHBP contract to allow a certain degree of auditor access.
Update: 10:30 p.m. ET: After phishing scams plagued Anthem’s breach victims, the company finally launched an identity protection enrollment website for impacted individuals. Identity theft protection through Anthem is free and available to all Anthem members — of any age.
If your child is covered under an Anthem health insurance plan, it is wise to enroll them in this service as well. Child identity theft is one of the most detrimental forms of fraud. Because children lack any credit history, criminals can intermingle the child’s clean credit with the perpetrators name and date of birth. This process is known as synthetic identity theft.
Concerned parents should monitor their child’s credit carefully — pulling their credit reports from the three major bureaus annually. Review any existing accounts, such as treasury bonds and college savings accounts, for any discrepancies or unusual activity. Continue reading