Dow Jones Newswires reports:
Express Scripts Inc. (ESRX), the object of a 2008 extortion attempt by someone threatening to expose personal patient data, started notifying hundreds of thousands of members recently after the extortionist showed evidence of possessing more records than previously thought.
Since the threat was first made public nearly a year ago, the St. Louis-based company, one of the largest U.S. pharmacy benefits managers, has mailed notification letters to approximately 700,000 people, an Express Scripts spokeswoman told Dow Jones Newswires on Wednesday. Most of those letters stemmed from the latest move by the extortionist, as only a few hundred patients received notices last fall. […]
“This is a new development of the same incident that happened last fall,” said Palumbo. The thief now has proven the possession of additional records from that time, she explained. […]
The breach came to Express Scripts’ attention in October 2008, when the company received an anonymous letter threatening to expose millions of member records on the Internet if an extortion demand wasn’t satisfied. The letter included personal data on 75 members of the company’s drug-benefit plans, including Social Security numbers, addresses, birth dates and, for some, prescription information. In November, some Express Scripts clients received similar letters involving data on a few hundred individuals. […]
The company said on its site that it “stands firm in our refusal to give in to the demands of the extortionist and will continue to cooperate fully with the FBI in their investigation.”