Pharmacy Extortionists Take on CIA, DoD, FBI, NSA
Extortionists targeting clients of Express Scripts -- one of the nation's largest pharmacy benefits management firms -- may have inadvertently picked a fight for which they were ill-prepared. Security Fix has learned that among the company's biggest customers is the federal government, and specifically almost every federal law enforcement, military and intelligence agency in the country.
Last month, St. Louis-based Express Scripts said extortionists are threatening to disclose personal and medical information about millions of Americans if the company fails to meet payment demands.
Express Scripts is the third-largest U.S. pharmacy benefit management firm, which processes and pays prescription drug claims. Working with more than 1,600 companies, it handles roughly 500 million prescriptions a year for about 50 million Americans.
The company has refused to pay the demand, and since then the extortionists have moved on to targeting clients of its member companies directly. Locally, the Fairfax County Public Schools system is among Express Scripts' clients, but has not been directly contacted by extortionists.
According to the 2009 Association Benefit Plan, a fee-for-service plan for civilian active and retired employees of the following organizations and one of several plans available through the Federal Employees Health Benefits Program, employees at a laundry list of three-letter agencies are Express Scripts customers. They include:
Office of the Director of National Intelligence (ODNI)
Central Intelligence Agency (CIA)
Defense Intelligence Agency (DIA)
Department of Defense (DOD)
Department of Energy, Office of Intelligence and Counterintelligence
Department of Homeland Security, Office of Intelligence and Analysis
Department of Treasury, Office of Intelligence and Analysis
Drug Enforcement Administration, Intelligence Division
Federal Bureau of Investigation (FBI)
National Geospatial Intelligence Agency (NGA)
National Reconnaissance Office (NRO)
Office of Naval Intelligence
U.S. Air Force, Office of Intelligence and Air Intelligence Agency
U.S. Army, Office of Intelligence and Security Command
U.S. Coast Guard, Office of Intelligence and Criminal Investigations
U.S. Marine Corps, Office of Intelligence and Marine Intelligence Activity
The Association Benefit Plan is administered by Coventry Health Care of Gastonia, N.C., which acquired the plan when it bought out Mutual of Omaha's health plan coverage in April 2007.
Little wonder that Express Scripts is now offering a $1 million reward for information leading to the arrest and conviction of anyone who may be responsible for these attacks: Employees of the agency investigating the attack may be the target of this ongoing threat.
I shudder to think how much damage a creative criminal could do armed with the Social Security numbers and other sensitive information belonging to the nation's top intelligence officials.
Update, Nov. 25, 12:58 p.m. ET: An earlier version of this blog post incorrectly stated that Fairfax County Public Schools had been directly contacted by the extortionists. The relevant paragraph has been changed to reflect this.
November 24, 2008; 6:16 PM ET
Categories: Cyber Justice , Fraud , From the Bunker , U.S. Government
Save & Share: Previous: Felony Spyware/Porn Charges Against Teacher Dropped
Next: Two Weeks Out, Spam Volumes Still Way Down
Posted by: Garak | November 24, 2008 7:12 PM | Report abuse
Posted by: timscanlon | November 24, 2008 11:11 PM | Report abuse
Posted by: peterpallesen | November 25, 2008 9:44 AM | Report abuse
Posted by: sgunes | November 25, 2008 6:31 PM | Report abuse
The comments to this entry are closed.