According to this article (http://www.healthcareinfosecurity.com/anthem-refuses-full-security-audit-a-7980/op-1), Anthem is citing "company policy" that prohibits third-party access to its network in declining to let auditors from OPM's Office of the Inspector General (OIG) conduct scans for vulnerable systems. OPM's OIG performs a variety of audits on health insurers that provide health plans to federal employees under the Federal Employee Health Benefits Program, or FEHBP. Insurers aren't mandated to comply — though most do.
This isn't Anthem's first time saying "no thanks" to the offer of a network vulnerability scan. The company also declined to let OIG scan its network in 2013. A partial audit report issued at the time (http://www.opm.gov/our-inspector-general/reports/2013/audit-of-information-systems-general-and-application-controls-at-wellpoint-inc-1a-10-00-13-012.pdf) warned that the company, then known as WellPoint, "provided us with conflicting statements" on issues related to information security, including WellPoint's practices regarding regular configuration audits and its plans to shift to IBM's Tivoli Endpoint Manager (TEM) platform.