The Virginia Prescription Monitoring Program has reportedly been compromised, with those responsible deleting records and now wanting $10 million before the records are restored, Wikileaks.org discovered.
"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions," the hacker said in a ransom note. "Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
The Virginia Prescription Monitoring Program website is used to help pharmacists track prescription drug abuse, and has the records of 8 million state residents available through the network. The network, along with other portals connected to the Virginia Department of Health Professions, is still unavailable at the moment.
State health officials are now working with the FBI to try and identify and locate those responsible for bringing down the network. As the case is ongoing, the FBI hasn't issued a statement regarding the intrusion, though will be looking for sources both in the United States and across the world.
"We do have some of (the) systems restored, but we're being very careful in working with experts and authorities to take essential steps as we proceed forward," Virginia Department of Health Professionals Sandra Ryals said in a statement. "Only when the experts tell us that these systems are safe and secure for being live and interactive will that restoration be complete."
Online data breaches unfortunately are becoming more common, though this is one of the first times a ransom note has been left in exchange for data records. Extortion-based hacking attempts continually concern security experts, as there appear to be more foreign-based hackers launching attacks against U.S. computer networks.
The FBI is unlikely to disclose the location of those responsible for this data intrusion until they're apprehended, though security experts will likely follow the case closely.
ExpressScripts, a pharmacy prescription processor, suffered an extortion attempt in 2008, when hackers threatened to release the personal and medical information of Americans in exchange for money. The company now has $1 million leading to the arrest and conviction of those responsible.
Social Security numbers, personal medical information, and financial information are all popular targets for hackers, who can either sell the information to spammers and people involved with credit fraud, or hold the information for ransom.