Network News

X My Profile
View More Activity

Pharmacy Extortionists Take on CIA, DoD, FBI, NSA

Extortionists targeting clients of Express Scripts -- one of the nation's largest pharmacy benefits management firms -- may have inadvertently picked a fight for which they were ill-prepared. Security Fix has learned that among the company's biggest customers is the federal government, and specifically almost every federal law enforcement, military and intelligence agency in the country.

Last month, St. Louis-based Express Scripts said extortionists are threatening to disclose personal and medical information about millions of Americans if the company fails to meet payment demands.

Express Scripts is the third-largest U.S. pharmacy benefit management firm, which processes and pays prescription drug claims. Working with more than 1,600 companies, it handles roughly 500 million prescriptions a year for about 50 million Americans.


The company has refused to pay the demand, and since then the extortionists have moved on to targeting clients of its member companies directly. Locally, the Fairfax County Public Schools system is among Express Scripts' clients, but has not been directly contacted by extortionists.

According to the 2009 Association Benefit Plan, a fee-for-service plan for civilian active and retired employees of the following organizations and one of several plans available through the Federal Employees Health Benefits Program, employees at a laundry list of three-letter agencies are Express Scripts customers. They include:

Office of the Director of National Intelligence (ODNI)
Central Intelligence Agency (CIA)
Defense Intelligence Agency (DIA)
Department of Defense (DOD)
Department of Energy, Office of Intelligence and Counterintelligence
Department of Homeland Security, Office of Intelligence and Analysis
Department of Treasury, Office of Intelligence and Analysis
Drug Enforcement Administration, Intelligence Division
Federal Bureau of Investigation (FBI)
National Geospatial Intelligence Agency (NGA)
National Reconnaissance Office (NRO)
Office of Naval Intelligence
State Department
U.S. Air Force, Office of Intelligence and Air Intelligence Agency
U.S. Army, Office of Intelligence and Security Command
U.S. Coast Guard, Office of Intelligence and Criminal Investigations
U.S. Marine Corps, Office of Intelligence and Marine Intelligence Activity

The Association Benefit Plan is administered by Coventry Health Care of Gastonia, N.C., which acquired the plan when it bought out Mutual of Omaha's health plan coverage in April 2007.

Little wonder that Express Scripts is now offering a $1 million reward for information leading to the arrest and conviction of anyone who may be responsible for these attacks: Employees of the agency investigating the attack may be the target of this ongoing threat.

I shudder to think how much damage a creative criminal could do armed with the Social Security numbers and other sensitive information belonging to the nation's top intelligence officials.

Update, Nov. 25, 12:58 p.m. ET: An earlier version of this blog post incorrectly stated that Fairfax County Public Schools had been directly contacted by the extortionists. The relevant paragraph has been changed to reflect this.

By Brian Krebs  |  November 24, 2008; 6:16 PM ET
Categories:  Cyber Justice , Fraud , From the Bunker , U.S. Government  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Felony Spyware/Porn Charges Against Teacher Dropped
Next: Two Weeks Out, Spam Volumes Still Way Down


Good! Maybe now the CIA, NSA, FBI, and the others will collaborate effectively to track down the extortionists. BTW, just how did the hackers obtain the data: did they hack systems, or was it an inside job?

Posted by: Garak | November 24, 2008 7:12 PM | Report abuse

Now this is going to be a story with an interesting outcome...

This will be an interesting test to see if the government can really do anything about 'cyber threats' (I think I threw up in my mouth a little typing that) or if all their talk is just talk.

Posted by: timscanlon | November 24, 2008 11:11 PM | Report abuse

Just a general comment not related to this blog posting: It is now refreshing to read comments since posting them has been tightened up. No more idiotic rants or mysterious Russian Cyrillic postings, let alone bot-posted URL's.

Posted by: peterpallesen | November 25, 2008 9:44 AM | Report abuse

This story goes very nicely with this story in the WP today:

One of the reasons that physicians are reluctant to participate in the electronic prescription program are these kind of data breaches (be it from the outside or an insider job).

Posted by: sgunes | November 25, 2008 6:31 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company