Friday, November 7, 2008

Data Breach Extortion

Express Scripts, one of the leading pharmacy benefit providers in the country, has reported a massive data breach that has led to the hackers threatening to release customer information unless the company pays a substantial ransom.

Some of the information breached includes names, dates of birth, Social Security numbers, and in some cases, prescription information. You know - exactly the kind of information you want to be freely shared all over the Internet.

The FBI is investigating, and meanwhile, Express Scripts is pleading the "no system is ever 100% secure" defense.

The most troubling point from my perspective is that this information was obtained by unauthorized third parties without Express Scripts even being aware. If they hadn't received the ransom letter, they might still not know they had been breached.

As a customer, I would demand a better explanation than that. As a data security professional, I'd be looking into their controls environment and finding out which of their data protection controls were either missing or rated as effective when in fact they were anything but.
