Is Medical Record Blackmail a Trend to Come?

CNN reports on what may be a harbinger of trends to come: Express Scripts, one of the largest pharmacy benefit management companies (PBM’s), received an anonymous threat that, unless it paid an extortionate demand, millions of its patient records would be released. Trends in data breaches generally suggest that Express Scripts will not be the last target of such blackmail.

Providers who face similar threats of blackmail should take a page out of Express Scripts’ playbook: it contacted the FBI, publicly disclosed the threat to the patients, and reiterated its commitment to protecting patient privacy rights. In so doing, Express Scripts provided a model from which others can learn.

With growing volumes of medical records stored electronically, the threat of records getting hacked will be an everpresent reality. The attraction to would-be extortionists is the idea that providers will pay just to avoid the negative publicity associated with patient privacy breaches, which upset patients worried about protecting their privacy and trigger legal investigations from government agencies like California’s new Office of Health Information Integrity (OHII), coming in January.