Print 15 comment(s) - last by AnnihilatorX.. on May 7 at 6:17 AM

The Virginia Health database has been compromised, and now hackers are holding a $10M ransom for return of the records

The Virginia Prescription Monitoring Program has reportedly been compromised, with those responsible deleting records and now wanting $10 million before the records are restored, discovered.

"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions," the hacker said in a ransom note.  "Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."

The Virginia Prescription Monitoring Program website is used to help pharmacists track prescription drug abuse, and has the records of 8 million state residents available through the network.  The network, along with other portals connected to the Virginia Department of Health Professions, is still unavailable at the moment.

State health officials are now working with the FBI to try and identify and locate those responsible for bringing down the network.  As the case is ongoing, the FBI hasn't issued a statement regarding the intrusion, though will be looking for sources both in the United States and across the world.

"We do have some of (the) systems restored, but we're being very careful in working with experts and authorities to take essential steps as we proceed forward," Virginia Department of Health Professionals Sandra Ryals said in a statement.  "Only when the experts tell us that these systems are safe and secure for being live and interactive will that restoration be complete."

Online data breaches unfortunately are becoming more common, though this is one of the first times a ransom note has been left in exchange for data records.  Extortion-based hacking attempts continually concern security experts, as there appear to be more foreign-based hackers launching attacks against U.S. computer networks.

The FBI is unlikely to disclose the location of those responsible for this data intrusion until they're apprehended, though security experts will likely follow the case closely.

ExpressScripts, a pharmacy prescription processor, suffered an extortion attempt in 2008, when hackers threatened to release the personal and medical information of Americans in exchange for money.  The company now has $1 million leading to the arrest and conviction of those responsible.

Social Security numbers, personal medical information, and financial information are all popular targets for hackers, who can either sell the information to spammers and people involved with credit fraud, or hold the information for ransom.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

Picture for Article Title
By wannabemedontu on 5/6/2009 12:25:51 PM , Rating: 2
Anyone remember the name of that Hacker movie they pulled that pick of Angela Jolie from next to the article title? Man, she was always hot.

RE: Picture for Article Title
By qualme on 5/6/2009 12:39:08 PM , Rating: 2
RE: Picture for Article Title
By HrilL on 5/6/2009 12:41:43 PM , Rating: 2
Its called "Hackers" Pretty good flick.

RE: Picture for Article Title
By ggordonliddy on 5/7/2009 3:17:45 AM , Rating: 2
What is a "pick" of a person? Are you jamming your fingers up your nose and producing a bloody torrent?

By AnnihilatorX on 5/7/2009 6:17:30 AM , Rating: 2
I think the OP meant Pic

Good luck collecting that money...
By BigToque on 5/6/2009 12:47:28 AM , Rating: 3
I'm going to seriously hope that there were copies of all these records being held offline and offsite. That's just basic cover your ass type stuff.

I've never heard of anyone try to sell the information back to the people they stole it from (unless they don't actually have any backups). I thought the only people wanting to buy this kind of information were people on the black market.

RE: Good luck collecting that money...
By Bremen7000 on 5/6/2009 1:35:58 AM , Rating: 2
It's actually pretty common/well-known, but notsomuch lately -- breaking in and encrypting critical info to hold it ransom.

By dragonbif on 5/6/2009 12:08:38 PM , Rating: 2
In most states it is the law to have any off site backup such as tapes for publice recoreds that are done each week and go 5 backups back. So I would say if those backups are missing also then it would have to be someone who knows how to get to them otherwise whoever this is has lost the game.

Nice Title
By accura on 5/6/2009 11:08:07 AM , Rating: 2
Nice Title!!

RE: Nice Title
By qualme on 5/6/2009 12:37:19 PM , Rating: 2

um what is virgina? do they mean Virginia?

RE: Nice Title
By Alexvrb on 5/6/2009 5:51:01 PM , Rating: 2
One can only hope.

By Alexvrb on 5/6/2009 6:09:51 PM , Rating: 2
This is a complete non-story. The Virginia Prescription Monitoring Program in question is a program used to track prescriptions of controlled substances (such as narcotics). Per the DOJ:

"Prescription drug monitoring programs are being used to deter and identify illegal activity such as prescription forgery, indiscriminate prescribing and "doctor shopping." "

In other words, the only prescriptions in this database were those of controlled substances, and they only keep track of them to keep an eye out for people (and doctors) abusing the system to obtain or sell narcotics.

This doesn't affect offices/hospitals in any way, really. Besides, even if their own (seperate) databases were compromised, the paper records (charts) have all the information they need.

By ipay on 5/7/2009 4:05:22 AM , Rating: 2
Paper Records? Really ?? Great, now all they have to do is re-input 35 million-somewhat prescriptions into the new database and everything is swell. Any volunteers?

Besides, "Prescription drug monitoring programs are being used to deter and identify illegal activity such as prescription forgery, indiscriminate prescribing and "doctor shopping." - it says something if such a database contains over 8 million names. Everyone switched to the legal drugs to get high nowadays, huh. Pathetic.

Putting more info on the internet
By JediJeb on 5/6/2009 11:14:59 AM , Rating: 2
The push now days is to put all your information on internet based storage, delocalized apps similar to the "cloud" computing and server hosted software that Microsoft and others are pushing, but this is an example of why I would not buy into that. Back when there was a miriad of operating systems and private networks this was not very common, though systems working together under the same software packages makes things much easier today, there still needs to be a balance of ease of use versus security. I would rather have a system that you needed to learn a little to operate that was safe, than one that isn't so safe but any person off the street could operate with ease.

Userfriendly isn't always client friendly if it opens up their personal data to becoming public.

By ae01af on 5/6/2009 2:17:27 PM , Rating: 2
This has to be the craziest hacking scheme I have heard of! While the idea is revolutionary I thought it was pretty dumb that He/She/they asked for only 10 mil, I mean all these people will have to go to their doctors to get re-diagnosed and reperscribed if all their files are inaccessible?

"If they're going to pirate somebody, we want it to be us rather than somebody else." -- Microsoft Business Group President Jeff Raikes

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki