Express Scripts discloses extortion threat, possible data breach

Extortionist threatened to expose millions of patient records unless an unspecified amount of money was received

Express Scripts late last week disclosed it received an extortion threat in October pertaining to patient records the pharmacy benefits management company holds. 

The St. Louis, Mo.-based company said it received a letter that included the personal information of 75 individuals who use its pharmacy-benefit services, and the extortionist threatened to expose millions of patient records unless an unspecified amount of money was received.

Express Scripts, which has been in contact with the Federal Bureau of Investigation and industry experts in the matter, did not return calls for further detail. But in an official statement, Express Scripts' chairman and CEO George Paz acknowledged a data breach may be to blame for the situation, despite the fact that Express Scripts "deploys a variety of security systems designed to protect their members' personal information from unauthorized access."

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Express Scripts late last week disclosed it received an extortion threat in October pertaining to patient records the pharmacy benefits management company holds. 

The St. Louis, Mo.-based company said it received a letter that included the personal information of 75 individuals who use its pharmacy-benefit services, and the extortionist threatened to expose millions of patient records unless an unspecified amount of money was received.

Express Scripts, which has been in contact with the Federal Bureau of Investigation and industry experts in the matter, did not return calls for further detail. But in an official statement, Express Scripts' chairman and CEO George Paz acknowledged a data breach may be to blame for the situation, despite the fact that Express Scripts "deploys a variety of security systems designed to protect their members' personal information from unauthorized access."

"However, as security experts know, no data system is completely invulnerable. We continue to conduct our investigation. We are notifying our members and clients to enable them to take steps to protect themselves from possible identity theft,"
Paz stated.

Express Scripts has launched a Web site for members to obtain information about the security incident.

Read more about security in Network World's Security section.