FBI investigates data theft blackmail scheme
Data thieves are threatening to release millions of patient records held by a U.S. prescription drug management company unless the company pays up.
Express Scripts, based in St. Louis, Missouri, said on Thursday it received a letter in early October with the names, birth dates, Social Security numbers and some prescription information for 75 patients. The company provides benefit management services to health care organizations, insurers and other businesses.
The company has notified the U.S. Federal Bureau of Investigation, as well as those people whose information was included in the letter, according to a company statement.
"While we are unaware at this time of any actual misuse of any members' information, we understand the concern that this situation has caused our members," Express Scripts said on a Web site set up to provide information on the breach.
The company has also included contact information for credit monitoring agencies and other resources for people who believed they may be a victim of fraud.
Express Scripts said it has a variety of security systems to protect patient data but said no system is invulnerable. Officials have identified where the data was stored and have implemented "enhanced controls," the company said.
The data breach at Express Scripts underscores the trouble enterprises and governments are having protecting their data from loss, theft and inadvertent disclosure.
Since January 2005, more than 230 million records involving the personal data of U.S. residents have been compromised due to breaches, according to the Privacy Rights Clearinghouse's Chronology of Data Breaches.
Hackers targeting an insecure wireless network at retailer TJX resulted in upwards of 94 million credit and debit card accounts being compromised in 2007.
In 2006, 26.5 million records containing the names, Social Security numbers and birth dates of U.S. military veterans were stolen from the Department of Veteran Affairs.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
data breach
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
