"A federal watchdog agency says Anthem Inc. has refused to allow it to conduct vulnerability scans of the health insurer's systems in the wake of its recent massive data breach affecting 78.8 million individuals. Anthem also refused to allow scans by the same agency in 2013" This agency would be involved because Anthem does business with the Federal Government.
Anthem Refuses Full IT Security Audit - GovInfoSecurity
And yet we have to buy insurance and have our private information subject to hackers, not only with Anthem but I am sure other insurers who might take the same stance and that do not encrypt their data. I had read where encrypting the data was not required by law. Wonder if that law will ever change!
Perhaps Anthem is more loosey, goosey than we could ever imagine. My take is that if they had up to date safeguards they would have welcomed these audits and used the results to let us know they were doing every thing possible to safe guard information. Clearly they didn't and are not.