Express Scripts clients threatened with extortion

One week after a breached corporate health care company refused to pay extortionists, the criminals now are seeking money from the corporate clients whose employee data might have been exposed.
St. Louis-based Express Scripts said on Tuesday that a limited number of its clients--which include government agencies, unions, and employers--have received letters threatening to expose the personal information of its members. The company said the letters sent to its clients were similar to the original extortion threat it received in October.
The company also said it was establishing a reward totaling $1 million for anyone providing information that results in the arrest and conviction of the criminals responsible.
"We are cooperating fully with the FBI to assist them in their investigation and doing what we can to protect our members," said George Paz, CEO and chairman of Express Scripts, in a statement on the company's site.
In a separate announcement, Express Scripts said that Knoll, a New York-based risk-consulting firm, has been contracted to offer expert assistance to members who become victims of identity fraud as a result of this incident.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.




The author, David Scott, has an interview that is a great exposure: http://businessforum.com/DScott_02.html - The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
I like to pass along things that work, in hopes that good ideas make their way to me.
We are the new "David" on the block, and we have been under everyone's radar (including no web site) purposely. We are an OEM that manufactures a commercial unhackable network(s) system, named internally as "DtX." Meets OSI Layer One Standard, the last physical Layer for security. Layers 2-7 are where all the S/W vendors hang out with or without their appliances. All S/W including encryption is hackable, and that's backed by science. DtX can switch one or more network ports in under a millionth of a second (60-90 nanoseconds) when an anomaly is detected. Meanwhile the network(s) stays up, while the hacker(s) is also shunted to a dummy network(s) where they can be traced. Today, you literally bolt on your DtX & immediately the system is 100% interoperable & transparent with all IT & Physical networks today!
E-Week published an article on "What happens when a Network goes Down" on January 8, 2007. Under Section 4 "Response" do you want to guess what they stated? Say "No" because they said "pull all the cables out first." Then of course they had to then plug them back in eventually. Large networks have thousands of plugs! Also, our "autonomics" can eliminate wire closets as you know them and are real time. Another big plus added ROI.
We will also be offering for "Alpha" end users version of our Denial of Services product that is scientifically unique and meets DARPA 98 Standards today.
Another of our products is our own global network based Real TIME Administrator (for adds, moves, changes, testing, repairing, etc.). It sits "autonomically" on top of any Network Management System like IBM's Websphere, HP's Openview, CA's Uniview, etc. We meet or exceed OSI Level One (the last physical security layer), Common Criteria EAL-6, OSI & PCI-DSS Standards, etc. We believe we are the only 100% science based global OEM in our specialties, based on independent and well respected references which are available.
As an added benefit, clients are reporting 60-70% savings of time and tech support costs with a quick ROI. Additionally, our own DOS's product has been Beta tested in accordance with the aforementioned standards for over 30 months.
In early 2007, the Canadian Government Dept. of Public Safety (DHS) and a major US State County's Data Centers became clients. Our earlier technology since 2001 was successful to the point that not one S/W nit or service call in over 100 + earlier model systems shipped. That includes our latest clients as well. These first and second generation systems have been tested and purchased by the U.S. Air Force and the U.S. Navy for inclusion in government projects. Prominent commercial users of the DtX include L-3 (Global Crossing Inc), Nortel Networks, Allied Irish Bank, Sanko Telecom of Japan, and Blue Cross Blue Shield of Florida.
Please feel free to call me: 917-497-5523