FBI Investigate Stolen Medical Records

The Federal Bureau of Investigation has been called in to investigate an extortion attempt on a medical benefit management company from St. Louis. Express Scripts received a letter in October threatening to expose data about the companies clients, the letter contained personal information on about 75 members "including names, dates of birth, Social Security numbers and, in some cases, prescription information." “We have been conducting a thorough investigation since we received this threat and we are taking it very seriously,” said George Paz, chairman and chief executive, in a statement. “We are cooperating with the F.B.I. and are committed to doing what we can to protect our members’ personal information and to track down the person or persons responsible for this criminal act.”

The company has created a website to inform it's clients about the extortion attempt, and have made the following statement "We believe we have identified where the data involved in this situation was stored in our systems and have instituted enhanced controls." That's reassuring!

The company handles prescription benefits for approximately 50 million people for various health insurers, employers and union sponsored plans.

New York Times story.

British Firm Loses Thousands Of Prisoners Data On Memory Stick

In another case of lost or stolen data, the British government is investigating the loss of a memory stick loaded with unencrypted personal data on thousands of prisoners, including names, addresses and release dates. The data was said to have been housed securely but an external contractor apparently loaded it onto a memory stick which has since gone missing.

"This was data that was being held in a secure form, but was downloaded onto a memory stick by an external contractor," Home Secretary Jacqui Smith said.

"It runs against the rules set down both for the holding of government data and set down by the external contractor and certainly set down in the contract that we had with the external contractor."

BBC story.

Bell Recovers Stolen Data After Four Weeks

Montreal police searched 2 locations and arrested one individual in a case involving the theft of data on 3.4 million customers from Quebec and Ontario. The data is said not to have contained any financial information but did include names, addresses, phone numbers and the Bell services subscribed to. There were about 170,000 customers with unlisted and unpublished phone numbers amongst the data stolen and Bell is offering to change the numbers of anyone who requests it. Bell spokesman Mark Langton told CBCNews.ca that "There's no indication that this data has been used improperly," The arrested apparently was not an employee of Bell so the question remains, how was the data acquired? Once again I'm glad that I'm not a customer of the Bell family of companies...