Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.
Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.
Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records:
"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
The site, along with a number of other Web pages related to Virginia Department of Health Professions, remains unreachable at this time. Sandra Whitley Ryals, director of Virginia's Department of Health Professions, declined to discuss details of the hacker's claims, and referred inquires to the FBI.
"There is a criminal investigation under way by federal and state authorities, and we take the information security very serious," she said.
A spokesman for the FBI declined to confirm or deny that the agency may be investigating.
Whitley Ryals said the state discovered the intrusion on April 30, after which time it shut down Web site site access to dozens of pages serving the Department of Health Professions. The state also has temporarily discontinued e-mail to and from the department pending the outcome of a security audit, Whitley Ryals said.
"We do have some of systems restored, but we're being very careful in working with experts and authorities to take essential steps as we proceed forward," she said. "Only when the experts tell us that these systems are safe and secure for being live and interactive will that restoration be complete."
She added that the department does have a page online at www.dhp.virginia.gov that lists the phone and fax numbers for various state health boards, and that the state would continue issuing health care licenses and investigating violations of the law or regulations of state health licensees.
This is the second major extortion attack related to the theft of health care data in the past year. In October 2008, Express Scripts, one of the nation's largest processors of pharmacy prescriptions, disclosed that extortionists were threatening to disclose personal and medical information on millions of Americans if the company failed to meet payment demands. Express Scripts is currently offering a $1 million reward for information leading to the arrest and conviction of the individual(s) responsible for trying to extort money from the company.
Honestly when you make that kind of mistakes your asking for it.
On the other hand when the cracker goes on to demand 10 million in ransom thus getting the FBI on your tail, all you are really doing is painting a big target on your head and dancing on top of a hill while screaming hit me if you can!! to a bunch of people armed with snipper riffles.
Scary. I work in the health care industry somewhat. Our company deals with blood donor information online. We're VERY protective of our data and this was one of the first emails I got when I went to work this morning.
I guess regular back-up would help at this point, but then, over 8 million? That's a lot of shit to back up.
Never mind. _________________ John R. Gibson
Host/Writer/Creator Video Masters TV
"The whole planet Houston?" -General Zod
"Am I supposed to conduct with my penis?" -Peter Griffin (Family Guy)
"What does God need with a starship?" - Star Trek V
8 million isn't a whole lot to backup. We've got much more and it's backed up on a regular basis to multiple external sites. This was a shoddy infrastructure which was exposed.
I still don't understand what a person has to gain by wiping out prescription info from a database?
And 10 million dollars? That's it. Makes me think of that scene in Austin Powers where Dr. Evil asks for...what...a million dollars, and people laugh at him.
"I will hold your prescription info for....100....billion...dollars", and then put your pinky by your mouth. _________________ John R. Gibson
Host/Writer/Creator Video Masters TV
"The whole planet Houston?" -General Zod
"Am I supposed to conduct with my penis?" -Peter Griffin (Family Guy)
"What does God need with a starship?" - Star Trek V
I still don't understand what a person has to gain by wiping out prescription info from a database?
And 10 million dollars? That's it. Makes me think of that scene in Austin Powers where Dr. Evil asks for...what...a million dollars, and people laugh at him.
"I will hold your prescription info for....100....billion...dollars", and then put your pinky by your mouth.
Well, the hacker copied the info then deleted all traces of it on the regular and backup systems. Data these days is worth money. Realistically, the data was probably only worth a few million dollars.
It's not so much the prescription info that's the threat but the personal information, social security numbers, addresses, credit card numbers, etc.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
FAQ
Search
Memberlist
Usergroups
Join! (free) 
Profile
Log in to check your private messages
Log in
