$1M Reward Offered To Nab Data Breach Extortionist

alphadogg writes with this excerpt from NetworkWorld: "Express Scripts, the pharmacy benefits management company which recently disclosed an extortionist is demanding money by threatening to expose millions of patient records the company holds, Wednesday said it has decided to offer $1 million to nab the perpetrator. 'We're going on the offense with this reward,' an Express Scripts spokesman said. The $1 million will be paid to anyone who provides information leading to the capture and conviction of the extortionist who sent a letter to Express Scripts in early October that contained personal information on 75 people, considered members, who use the company's pharmacy-benefits services. The extortionist claims to have information on millions more Express Scripts members and wants money to not reveal it."

Re:Million dollar reward

[Kneo24]

I completely agree. I've known people who have worked for that company. Now anyone dealing with their customer service or prescription filling has to sign an NDA saying that even after leaving, they can't disclose any information. Apparently a lot of famous people like to pop prescription drugs (no surprise there).

Their security at night is lax. The women don't work and instead just find the nearest security guard and closet and have some fun. Either way, it wouldn't be too hard to get a lot of information and dip your hands into the extortion bracket.

Interesting. This is highly illegal in Europe

[Nicolas+MONNET]

Covered by personal data protection laws; you seriously need one of those in the US. (And yeah, I know the libertardian argument against it (that it would cost zillions to business (which is obviously wrong (but that would not stop a 'tardian, would it?))))

Additionally, as I understand it, this kind of things is also considered a major breach of pharmacist/patient privilege around here. Any pharmacist who would leak this info in the first place would quickly lose his license, on top of being criminally prosecuted. I don't even think the insurance companies get detailed info about what they're reimbursing as far as prescription meds are concerned.

Re:Interesting. This is highly illegal in Europe

[Detritus]

Yes, that is the case in the US.

I don't think so. This information has been collected and sold for decades. One of my relatives is a pharmacist. When business was slow, she would fill out a small form for each prescription that was dispensed that day. The data collection company paid a small fee for each completed form. This practice wasn't secret or considered a violation of professional ethics.

Re:Million dollar reward

[lysergic.acid]

again, RTFA:

We're in the process of notifying our members and clients to enable them to take steps to protect themselves from possible identity theft.

We have notified the members whose information appeared in the extortion letter. We notified the FBI immediately after we received the letter and they continue to investigate. Additionally, we launched our own investigation with the assistance of outside experts in data security and computer forensics.
[...]
How do I know if my company received an extortion letter?
We are notifying all our clients and the members whose data was listed in the extortion letters.
[...]
How will you notify me if you find out if my records have been accessed?
Express Scripts will notify in compliance with state regulations. The best way for you to receive personal notification, if needed, is to log into our secure member website to update your email address. If you are not currently registered, please visit our member website to activate your account.