More on the Express Scripts security breach

Prescription benefit manager Express Scripts and certain of its customers received extortion demands from data thieves who had stolen confidential Express Script member health information. Express Scripts responded aggressively as explained on its dedicated website.

AIS Drug Benefits News featured an update on the story today.

[Express Scripts} so far has taken all of the right steps, says one security expert. “Textbook-wise, it looks like they’re doing everything possible [to address the issue],” says Harry B. Rhodes, director of practice leadership at the American Health Information Management Association. Among other things, the PBM has examined the audit trail, contacted affected customers and is working with the FBI on the investigation, he notes.Still, Rhodes says that now that Express Scripts has identified where the information came from in its database, the company should be able to start zeroing in on the people that had access to that information. He points out that 80% of data breaches are the result of an inside job.”They need to look at all of their employees, including their current employees,” he suggests. “The current best practice is [that] you do a background check on people who have access to this type of information, especially people who can download or move or copy large portions of information.”

The article also discusses the data security practices of the other two major PBMs, Medco Health Solutions and CVS/Caremark.