Anthem announced in September 2013 that it had been certified as compliant with the HITRUST Common Security Framework. Then it revealed in February 2015 that it’d fallen victim to a breach that exposed nearly 79 million individuals. Federal regulators said the cyberattackers likely began their intrusions in February 2014, about five months after the insurer achieved certification. Many security experts say compliance with frameworks has value in helping to demonstrate an organization’s security maturity, but they caution that such compliance is no assurance of immunity from a breach.”]
Source: https://www.cuinfosecurity.com/analysis-did-anthems-security-certification-have-value-a-11634