FBI has begun an investigation of an anonymous letter sent to pharmacy benefit manager Express Scripts that threatened to disclose the medical records and personal information of millions of patients unless the company paid an undisclosed amount of funds, the Wall Street Journal reports (Rubenstein, Wall Street Journal, 11/7).
On Thursday, officials for Express Scripts said that the company contacted FBI after receiving the letter in early October and hired outside data security and computer forensic experts to assist in an internal investigation (Markoff, New York Times, 11/7).
According to Express Scripts, the letter included the names, dates of birth, Social Security numbers, prescriptions and other personal information for 75 patients.
Express Scripts spokesperson Steve Littlejohn said that the company previously informed the 75 patients about the security breach but waited to disclose the breach to the public "to give the investigation time to proceed and get under way" (Perrone, AP/Chicago Tribune, 11/6).
Littlejohn said, "All we know about the nature of the data taken is that the letter enabled us to tell where in our system it was taken from," adding, "We're not ruling anything out," such as the possibility that the breach came from inside the company.
In a statement, George Paz, chair and CEO of Express Scripts, said, "We are cooperating with the FBI and are committed to doing what we can to protect our members' personal information and to track down the person or persons responsible for this criminal act."
Express Scripts serves about 50 million patients (New York Times, 11/7).