The recent Anthem attack was huge – the fallout of this hack is the potential exposure of personal information (including Social Security numbers) of up to 78 million individuals! But what’s really concerning are two points that recently surfaced: Anthem refused to allow the Office of Personnel Management’s Office of Inspector General (OIG) to perform vulnerability scans of its systems in 2013, and, even more surprising, AFTER the breach it again refused to allow the OIG to perform the scans. Vulnerability scans examine computer systems for open issues or vulnerabilities that hackers could exploit. Among other things, these scans check that operating systems are patched, networks are configured correctly, and malware hasn’t been installed. It’s not clear why Anthem is resisting these scans – especially after their breach, you’d think they’d welcome help in identifying any possible issues.
This article from HealthcareInfoSecurity.com does a good job covering this.