The Express Scripts data breach comes with an alarming twist.
Yesterday, the St. Louis-based pharmacy benefits manager revealed that it received an anonymous letter in early October demanding that it pay up or risk exposure of the records of millions of patient members on the Internet. Express Scripts did not say if the extortion letter specified an amount of money. The anonymous letter included the personal information of 75 members, including their names, dates of birth, Social Security numbers and, in some cases, their prescription information, the company said.
In its announcement yesterday, the company said it turned over the letter immediately to the FBI, which is investigating the threat, and hired outside experts to help in its own investigation of the data breach. The company said the 75 members singled out in the letter have been notified, and that it is unaware at this time “of any actual misuse of the information.”
A company website on the data breach and extortion letter states that Express Scripts staff members believe they “have identified where the data involved in this situation was stored in our systems and have instituted enhanced controls.”
One of the largest pharmacy benefit management companies in the country, Express Scripts provides prescription benefits to about 50 million people. The website said the company deploys a variety of security systems designed to protect members’ personal information from unauthorized access.
“However, as security experts know, no data system is completely invulnerable,” said George Paz, chairman and CEO.
“We have been conducting a thorough investigation since we received this threat, and we are taking it very seriously,” Paz said. “We are cooperating with the FBI and are committed to doing what we can to protect our members’ personal information and to track down the person or persons responsible for this criminal act.”
The New York Times said the company has not ruled out the possibility that the data breach was an inside job.
A Wall Street Journal blog says this is not the first extortion attempt involving health records.
“Just last month, the FBI announced the arrest of some guy who allegedly stole a computer server from the Indianapolis office of Medical Excess LLC, a subsidiary of AIG, that contained “personally identifying and health care sensitive information” of more than 900,000 people. The man is also accused of trying to extort AIG for $208,000 under a threat to release the data on the Internet, the FBI said. A spokesman for AIG told us that to the best of the company’s knowledge, no personal information was disclosed.”
I know I’m not alone in believing that it’s been fascinating to watch this year’s presidential election from a technology perspective. I have to keep up on Web-based advances as part of my job, but the Internet, obviously, is becoming very integral to the way my generation interacts with and learns about the world. When we at SearchCIO.com talk to CIOs about the power of Web 2.0 (and even Web 3.0), the Obama campaign should now be considered a bellwether for the movement.
As The New York Times pointed out, “the Obama campaign sought to understand and harness the Internet (and other forms of so-called new media) to organize supporters and to reach voters who no longer rely primarily on information from newspapers and television. The platforms included YouTube, which did not exist in 2004, and the cell phone text messages that the campaign was sending out to supporters on Monday to remind them to vote.”
And, according to Newsweek, “the Obama campaign’s New Media experts created a computer program that would allow a “flusher” – the term for a volunteer who rounds up nonvoters on Election Day – to know exactly who had, and had not, voted in real time. They dubbed it Project Houdini, because of the way names disappear off the list instantly once people are identified as they wait in line at their local polling station.”
I know I’m convinced by what I witnessed Tuesday. On Facebook, nearly everybody I know had status updates alluding to the election, many of them proclaiming proudly that they had already voted. Facebook had a running app throughout the day tallying the number of Facebookers who said they voted, and it reached more than 5 million. It was even pointed out to me that some election-day freebies many people jumped on, such as free coffee at Starbucks and free ice cream at Ben & Jerry’s, were by and large promoted electronically.
This emphasis on democracy via technology continued throughout the day. I received several texts and emails from friends encouraging me to vote. When Obama’s victory was announced around 11 p.m. EST, another round of text messages streamed in.
The Obama campaign really seized on the modes of communication that will propel Americans – and particularly young voters – into the future. According to The Guardian out of England, Facebook is more popular than the BBC’s network of sites. I couldn’t find a similar survey in America comparing Facebook with, say, CNN.com, but I wouldn’t be surprised to see similar results.
As the AP points out, there were only a few hundred websites in existence when Bill Clinton assumed the presidency in 1993, and hardly any blogs when George W. Bush became president in 2001. The world has changed, and with it, the electorate has, too. Never again can a viable presidential candidate ignore the power of the Internet in an election.
And, thankfully, we’ve got at least a couple of years before any of them will have to start thinking about it again.
I hope everybody had a great Halloween weekend! Here’s what we worked on last week at SearchCIO.com:
- Adjusting your budget in a volatile economy — Most CIOs are still using traditional financial models that are not well-suited to a volatile business environment, let alone a global recession.
Also, while you’re reading this story, don’t forget to take these Gartner quizzes on managing growth and setting priorities for 2009.
- Scottrade reinvents PMO for speed and volume — Scottrade Inc. CIO Ian Patterson discusses the transformation of the company’s program management office from creaky to competitive.
- Tips on how to dodge the scariest of IT worst-case scenarios - We couldn’t let Halloween pass by without some sort of acknowledgment. Scare yourself silly with these IT horror stories, and learn how enterprise CIOs can exorcise past mistakes.
For all the YouTube addicts out there (myself included), there’s an interesting blog post on NYTimes.com this week about online-video attention spans. According to Saul Hansell, who attended a roundtable this week dedicated to online video, people are watching longer and longer video clips on their computers.
YouTube really kicked things off a couple of years ago. Hulu, which just celebrated its first birthday, served 142 million steams, including full television episodes and shorter clips, to 6.3 million users in September. And on Blip.tv, which aggregates semiprofessional and professional videos, the average length of a program has increased from three to five minutes a year ago to five to seven minutes now, said Mike Hudack, its chief executive.
The possibilities for online video continue to ramp up. I was introduced this week to Gaudi, Google’s experimental audio-indexing site. Gaudi allows users to search for specific phrases in video and presents search results listing the number of times that those words appear in the video. When you click on a video, you’ll even see time stamps noting where, exactly, the word is uttered. Wow. So far, this works with only election-related coverage, but it’s sure to branch out once Google works out any kinks.
So, what does all of this mean to the CIO? For starters, it means taking a fresh look at your company’s online strategy with regard to video. Conventional wisdom has dictated keeping video clips short and snappy so visitors don’t lose interest. However, as Hansell points out, online visitors have the option of perusing sites much like they would a newspaper, skipping items that don’t interest them and poring over those that do.
Is there a product your company would like to promote that is better conveyed through visuals and audio than .jpgs and text? Don’t be afraid to dedicate a good five or 10 minutes to that puppy (provided it’s well-produced), showing off its attributes, showing customers talking about it and demonstrating its uses in action. Yes, you might lose some eyeballs after the first minute or two, but the people who stick around for the full presentation? Probably more likely to be your real customers, anyway.
And when you script these videos, make sure you’re including the keyword phrases for which customers might be searching — it’s good practice and will mean you’re ahead of the game when this audio-indexing thing really takes off.
If the economy puts your job at risk, you might want to consider a career at those places that are always giving you advice.
Both Gartner Inc. and Forrester Research Inc. beat earnings estimates for the third quarter. Gartner’s quarterly profit of 19 cents a share easily beat Wall Street estimates of 12 cents a share, sending shares up some 6% on Thursday. Forrester shares beat analysts’ estimates by a penny, sending its shares up 9% on Wednesday. Sales were also up at both research houses. Gartner saw third-quarter revenue rise 11% from a year earlier, to $297.3 million. Forrester’s revenue came in at $59.1 million for the quarter, up more than 15% from a year ago.
Cautious optimism was the watch phrase from both firms. Forrester chairman and CEO George Colony pointed to new clients added in the third quarter as a sign that the firm’s “role-based strategy” remains relevant. Gartner CEO Eugene Hall noted that the firm’s events business showed signs of slowing in July, prompting Gartner to trim its revenue outlook for 2008, but 2008′s profits are expected to beat the firm’s earlier estimates.
Downturn, shmownturn. Your peers at technology companies apparently don’t need a global recession to get their juices flowing. A new survey of 151 U.S. technology company executives by Deloitte Consulting LLP identified competition, not a downturn in the economy, as a main driver of change at their companies. The execs hailed from a variety of technology sectors, including telecommunications, semiconductors, OEM/hardware and software industries, Deloitte said.
According to the study, a majority of the technology companies (59%) surveyed said they had shifted focus prior to the economic downturn to concentrate more on tuning up internal operations that would make them stronger and more flexible in the face of global competition. Company-wide initiatives centered on implementing information technology, driving cost reductions and restructuring operations, as opposed to emphasizing new products and services.
“While new product innovation and market expansion have and will continue to be crucial elements to a technology company’s success, they alone are not longer sufficient to guarantee long-term survival and value creation,” says John Ciacchella, principal and U.S. consulting technology leader at Deloitte.
Not only were these technology warriors on the rampage before the recession hit, but they’re also pretty delighted by their own efforts. Another eye-opener from the survey: The majority of initiatives met (60%) or exceeded (23%) expectations, while comparatively few failed (5%) or only partially met (12%) expectations
In honor of Halloween, Kristen Caretta, associate editor of SearchCIO-Midmarket.com, and I decided to get a bit silly and dream up our top 10 Halloween costumes for the IT set. Wear these to your office party and wait for the compliments – or, possibly, eye rolls – to come in.
Without further ado:
- HAL, from 2001: A Space Odyssey. Dress all in black and affix a red, glowing button to your chest, with a “Hello Dave” sign underneath. You’ve probably heard the rumor that the name HAL might have been derived from IBM … which offers me an excellent opportunity to direct you to our Halloween-themed podcast on SearchCIO-Midmarket.com, where IBM’s business continuity expert Pat Corcoran discusses IT lessons learned from horror movies.
- iPhone 3G – This could qualify as a “scary” costume in the sense that, “It’s scary how one technological behemoth is changing the way consumers look at mobile computing” (even if opinions on the iPhone’s application in enterprise are still, uh, mixed).
Sport a rectangular box (black or white if you’re going as a 16 GB model, black only if you’re going as an 8 GB model) with colorful icons pasted on it. Encourage party guests to try out your “apps”: ask them to sing a song, and try to identify it, a la Shazam or Midomi. Or make restaurant recommendations in their neighborhood. Or provide them with the latest scores for their favorite sports teams. The possibilities are endless. And maybe you’ll even be lucky enough to run into a party guest dressed as Google’s G1 Android phone and get a competition going….
- Cloud computing: Strap a big, clear bag containing cotton around your midsection, and walk around all evening with a laptop tucked under your arm. When people ask about your costume, explain that you’re to thank for Google Apps and the like.
- A credit card: Infamous data breaches the past couple of years at Hannaford Bros. Co. and The TJ Maxx Cos. have caused some consumers to think twice before paying via credit. Dress up as a Visa or Mastercard, and let everybody know that you’re interested in transacting with only the 50% of businesses that are compliant with Payment Card Industry Data Security Standards.
- A telecommuter – Show up in your pajamas and slippers and explain that you’ve been slaving away at “the home office” all day. Make it clear that, no, you haven’t been laid off – CIOs report that they’re actually relatively secure in their jobs despite the current financial crisis.
Want to know the other five? Visit SearchCIO-Midmarket.com’s CIO Symmetry blog. And feel free to chime in with your own suggestions!
Forrester Chairman and CEO George Colony has a reassuring blog out this morning on the impact of a global recession on tech. His take? Technology had its Great Depression in 2001-2003, and this time will be different. Seven years later, the irrational exuberance that proceeded the fall has modulated. Tech will be down but not out, Colony says:
2001-2003 was a tech depression. Spending stopped, projects were canceled, excess inventory flooded the market destroying pricing. Cisco lost half a trillion dollars of market cap. Why? Tech had a long way to fall. Tech spending in 2000 in the U.S. was up 12% — there was fluff and fat everywhere. When the bubble burst, the fall was precipitous. But tech spending was up only 6% from 2006 to 2007.
Another difference from seven years ago?
There were no big tech changes afoot back in 2001-2002. Not true now. Virtualization, social computing, mobile computing, Green IT, SOA, extended Internet (connecting the physical world to the digital world) are front and center on the agendas of large companies. Will many of these projects get cut back? Yes. But many are part of long-term company plans — they will persist despite economic slowdowns.
Colony, as anyone who attends Forrester conferences knows, has long advocated a name change for IT to BT, or business technology, to acknowledge that IT sits in the center of business operations. BT will drive the recovery this time, he says, from Wal-Mart using social computing to sharpen its response to customers to JPMorgan integrating Bear Stearns.
Let’s hope IT can take care of business.
Here’s a rundown of the latest content on SearchCIO.com:
- Gartner: 25 ways to cut IT costs — Cutting costs is “never an activity with long lead times,” according to Gartner analyst Ellen Kitzis. Here are 25 tips from Gartner to think about between now and the end of the year.
- Top five tips for CIO strategic planning — Strategic planning for enterprise CIOs takes on even more importance in an unsteady economy. Here are five tips for doing it properly.
- Traditional DR test models outgrow usefulness — Traditional disaster recovery testing methods focus on a small group of mission-critical applications, leaving many important ones at risk.
- Managing IT risk in the enterprise — In this podcast, author George Westerman offers advice to help you turn IT risk management from a cost of doing business into an enabler of strategic value.
Sun Microsystems co-founder, early Google backer and computer engineer extraordinaire Andreas von Bechtolsheim is leaving his job as chief architect at Sun to apply his considerable talents to Arista Networks, a company he started as a sideline four years ago. The startup, which sells cloud networking technology for large data centers, has built a line of 10 Gigabit Ethernet switches that Arista execs say rivals anything Cisco offers, for a fraction of the cost. Google is a customer.
This is the second time von Bechtolsheim has left Sun, having decamped in 1995 to found Granite Systems, also a developer of high-speed network switches. That company was acquired in 1996 by Cisco for $220 million, with Bechtolsheim owning 60%. He worked in Cisco’s Gigabit Systems Business Unit until leaving to found Kealia Inc. with David Cheriton, a partner at Granite Systems. Kealia, which focused on advanced server technology, was acquired by Sun in 2004, prompting Bechtolsheim’s return to his old stomping grounds.
The high-profile leave-taking is getting a lot of play in the industry and mainstream press, most of pretty breathless. The New York Times story refers to Bechtolsheim as a “brilliant billionaire who has created some of the best-selling computer systems in the industry.” BusinessWeek casts the high-profile leave-taking as another blow for the slumping Sun, depicting Bechtolsheim as Sun’s “technical savior.”
No question the German-born Bechtolsheim is a star of the first order at Sun. He was a wunderkind when he designed Sun’s (Java) original workstation while still a Ph.D. student at Stanford University and does not appear to have lost any of that youthful brilliance. Certainly Sun Chairman Scott McNealy must be feeling the loss, judging from a keynote talk he gave shortly after Bechtolsheim returned to the company in 2004.
In the keynote an ecstatic McNealy recalls meeting Bechtolsheim on the Stanford campus “a long long time ago,” when McNealy was 27. “Little did I know that he would turn into what I consider to be the most prolific and exciting and talented workstation and single-board computer designer on the planet,” says McNealy, welcoming “employee number one” home and inviting Bechtolsheim to join him on stage to answer questions about what the Kealia technology would do for Sun.
“This guy is prolific beyond anything you’ve seen and we are very, very excited. It is kind of nice to have him running up the steps and lighting the torch here for what we are going to do. … I just do not know if you can tell how excited I am to have Andy back on board because I will follow this guy anywhere and do everything I can to help him be successful.”
You can read the full interchange with Bechtolsheim at that 2004 conference on SearchCIO.com.