Learn from Virginia’s Mistakes

May 5, 2009

The Washington Post’s Security Fix blog posts an abject horror story:

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site’s homepage with a ransom note demanding $10 million for the return of the records…. (Courtesy of Wikileaks)

Can you imagine? What would happen to your business if more than 8 million customer records were stolen by hackers? What if they were subsequently made public?

Something similar happened last November to Express Scripts, a pharmacy benefit management company, which declined to pay the ransom for its customer data but is offering a $1 million reward for information leading to the arrest and conviction of the Internet extortionists.

That million dollars is no small loss, but it’s easy to imagine that Express Scripts’ losses go much further. While individual customers don’t choose which pharmacy benefit management company their employers or other benefit providers use, most Human Resources departments would think twice about extending a contract with a company that had such a huge security breach. Especially since those HR decision-makers may have experienced personal privacy problems as a result of the breach!

Individual consumers also may question whether or not using the benefit is worthwhile — they might prefer to pay more for an individual prescription in order to protect their privacy.

What are you doing to ensure that your company or organization is safe from this kind of a nightmare?
