
The state has refused to pay the $10M ransom demand

Days after it was revealed that a hacker successfully compromised the Virginia Health database and stole records of more than 8 million patients, the state of Virginia announced it will not pay a requested $10 million ransom.

The database is used by pharmacies and doctors to track narcotics and painkiller prescriptions, in an attempt to reduce the amount of abuse, theft and illegal sales of popular prescription drugs.

Both the Virginia state police and FBI are looking into the matter, with Virginia Governor Timothy Kaine saying this is a "crime and it is being treated that way."

The state has refused to pay the ransom, and will instead rely on the FBI's investigation to locate and prosecute the people responsible for this data intrusion.

Since the breach last week, the Department of Health Professions has shut down its computer network, and all data has been successfully backed up. The DHP has issued a statement saying it can "assure the public that all precautions are being taken for DHP operations to continue safely and securely."

Hackers' attempts to steal personal information or hold data for ransom have increased in popularity, with hackers routinely stealing Social Security Numbers and other personal information so it can be sold to identity thieves. There is a growing concern over foreign-based hacker groups that are bankrolled by countries such as China and Russia, who are targeting U.S.-based computer networks.

The FBI hasn't said if they believe this data intrusion to be the work of foreign hackers, but it's a link they're likely looking into during the investigation.

Comments

Wha if...
By AnnihilatorX on 5/8/2009 9:00:00 AM , Rating: 5
If a state pays the hacker the ransom, the public won't be notified about it anyway because it shows a sign of weakness on the government side.

No I am not saying they actually pay the hacker ransom, nor that I believe so. I am saying the announcement is as expected as many public announcements on such matters.

But I do think hackers would have more success in demanding ransoms from private companies than a government organisation.

RE: Wha if...
By Jargo on 5/8/2009 9:19:05 AM , Rating: 2
Key thing to ransoming a government is secrecy.
A government can't risk losing face, so they will consider paying as long as the whole subject is done in secret BUT once it goes public they have to tough it out.

RE: Wha if...
By Meinolf on 5/8/2009 10:29:53 AM , Rating: 2
He should have done a lower amount; he was too greedy.

RE: Wha if...
By ebakke on 5/8/2009 10:31:54 AM , Rating: 4
He should have gotten a $#*%ing job.

RE: Wha if...
By EasyC on 5/8/2009 12:09:21 PM , Rating: 5
No, he should have started a company and then asked for a bailout.

RE: Wha if...
By PlasmaBomb on 5/9/2009 4:53:58 AM , Rating: 2

RE: Wha if...
By sprockkets on 5/8/2009 3:24:06 PM , Rating: 2
Maybe if he asked for "One million dollars" ...

RE: Wha if...
By Jacerie on 5/8/2009 7:28:21 PM , Rating: 3
Don't forget the shark with a frickin' laser on its head!

RE: Wha if...
By mindless1 on 5/9/2009 9:38:21 PM , Rating: 2
Seems simple, that they'd hide it, but there's accountability, bookkeeping where $10M vanished. Who is accountable for lying about where an extra $10M went?

If nobody lies about spending more than a project costs, the public would find out $10M was missing then the state says they wanted to keep it a secret? Would've been worse than paying publicly or not paying at all.

Or what?
By Digimonkey on 5/8/2009 9:42:04 AM , Rating: 5
What's he going to do with the database? Release it to spammers who will give you better deals on your meds?

RE: Or what?
By Fracture on 5/8/09, Rating: -1

RE: Or what?
By bldckstark on 5/8/2009 12:43:45 PM , Rating: 1
I think this issue is overrated. All of my grandparents, and my parents, uncles and aunts have died from cancer. It is pretty easy to determine what I will die from, but they don't deny me medical coverage. Insurance rates are based on statistical analysis of total cost of covering the population, not individual health concerns.

If your significant other doesn't know you have an STD, or had one in the past, then you have bigger problems than worrying about them finding out from a hacker. You think the hacker is going to look up everybody's girlfriend's and wife's name and address and mail them a note? Even if they did, do you think they would believe it?

Regardless of hackers selling negative information, can you tell me who is not receiving medical care in this country? I know people who haven't paid a medical bill in 10 years. They go to the hospital, get fixed up, and the govt. pays the bill. Why do we need national health care, when nobody gets turned away as it is?

RE: Or what?
By jeff4IT on 5/8/2009 2:10:10 PM , Rating: 3

I think you aren't seeing the real problems. Previous conditions and related coverage denial are only a small part of the problem.

Lots of people don't get health care in the US. You are correct that those needing urgent life saving care are admitted and receive care. But only for very immediate serious or urgent conditions. Examples: Serious = heart attack. Urgent = broken bone. Not covered = cancer.

What happens is that simple conditions for patients without health insurance go untreated because the hospitals won't (can't) do it. Those simple conditions left untreated get worse until they are life threatening and then the patient is admitted and must be provided much more expensive and lengthy treatment.

This is the true cancer of our health system in the US. Extending coverage, no matter how it's done, will drive down the overall cost of health care. It will also increase the quality of life for millions.

There is one more hidden issue. If these records are sold and someone uses your information to receive care, you are going to be responsible for the bill. It happens EVERY DAY and causes many to go into bankruptcy if they can't prove it wasn't they who received the care.

Also, after someone has used your insurance fraudulently and your health record has incorrect information in it, you have absolutely no legal rights to have it corrected. This has also led to many deaths because the bad data in the health record led to incorrect care.

RE: Or what?
By Lord 666 on 5/8/2009 4:45:04 PM , Rating: 2
Your logic is severely flawed; both personally and of the larger picture.

Personally - While there are hereditary risks for cancer (CA), there is much you can control as well. Do you smoke, eat poorly, or avoid preventive medicine? Two of the goals of migrating to EHR are prevention of illness based on health indicators and controlling existing long term illness (HIV included).

On the macro level, the patient identifiers are more useful for financial gain than notifying your girlfriend you have crabs or still wet your bed. Because of integrated billing systems in most EHRs, along with medical history, managed healthcare plans communicate social security numbers, address, telephone number, date of birth.... you know all of the stuff people normally use to legitimately establish credit.

On a side note, your free loading friends are costing the system more than you realize. Forget the initial bill for rendered services at the hospital (bet they all were concerned about swine flu in the ER), it's their lack of preventive medicine that will cost more money in the long run due to poor nutrition and negligent risk factors such as smoking and illicit drug use.

While my condolences to your family, you are in control of yourself along with your destiny. My own father just started treatment for metastatic melanoma that spread to the liver. Statistically, he's got a 9-15% chance past five years if he makes it that far and just started chemo.

RE: Or what?
By mindless1 on 5/9/2009 9:51:17 PM , Rating: 2
Funny, it seems your logic is even more severely flawed. People so poor they can't pay for medical treatment aren't just "choosing" not to have preventative treatments, and there aren't actually many truly useful preventative treatments.

One cannot just choose not to smoke or do illicit drugs (where in the world do you get the idea to throw drug use in, it is not in itself linked to cancer?, nor most other illnesses rather poor nutrition would be in such users) and think this will substantially lower their healthcare costs.

Consider the opposite, if someone has poor health and dies the first year they're diagnosed instead of hanging in there for 10 more years then still dying, WHO COST MORE TO COVER? You really have no clue about cost.

You are not in control of your destiny so much. People who do everything they can to be healthy, WILL, STILL, DIE, unless we have some really huge medical breakthroughs in the future. At whatever point they become deathly ill they will incur associated expenses.

You made some huge leap about "free loading friends" necessarily having poor nutrition also, it seems all you wanted was to create a stereotype to align with an overgeneralized idea that you are more responsible than a fictional character instead of specific people.

RE: Or what?
By Lord 666 on 5/11/2009 2:03:15 AM , Rating: 2
Hey mindless/clueless,

Guess you are not in the public health vertical. Thought of you when I read this - Diabetes is a chronic illness with very few people dying within 1 year's time of diagnosis, like the example you gave on what is less costly. It is by far cheaper to 1. prevent diabetes and to 2. control diabetes than letting it spiral out of control.

So you are saying people do not have a choice to stop smoking or avoid doing illicit drugs? You say there isn't a connection between illicit drugs and CA? Just using Google versus medical journals to make it easier for you to read them

RE: Or what?
By mindless1 on 5/11/2009 9:00:49 PM , Rating: 2
No moron, I am not saying people don't have a choice not to smoke or do drugs, I am saying you have no clue about the fact that while it may decrease that individual's quality of life, it may not raise their cost for healthcare at all.

People who live in poor health die younger on average. This is a COST SAVINGS. You display total ignorance for not recognizing that measures that keep people alive for as long as possible, cause them to live a long time during the last years of their life when they can't even feed themselves, bathe, or change their own underwear.

You know diddly about healthcare, costs, or responsibility. You simply read something somewhere and stopped learning because you were too busy to bother getting more information, let alone THINK about things instead of regurgitating what you'd hoped you had memorized.

PS - next time you go near a school, take a reading for comprehension course.

RE: Or what?
By mindless1 on 5/9/2009 9:42:26 PM , Rating: 2
You fail to see why they don't deny you medical coverage.

ALL people are expected to die, and none of them can necessarily be expected to die suddenly without costly medical bills. Whether it be cancer or heart disease or whatever, the key to their insurance system is to rake in the money and invest it, not only insuring what seem like the healthiest people because they too, will die, and if they live longer then their elderly years of healthcare costs tend to be higher than average.

RE: Or what?
By afkrotch on 5/8/2009 11:05:42 AM , Rating: 2
Sell it to identity thieves. They in turn will use all that information to get loans, credit cards, etc.

Next thing you know, those who were victimized have thousands of dollars in debt that they didn't create.

It just goes to show....
By AntiM on 5/8/2009 9:41:37 AM , Rating: 3
that governments and corporations can't be trusted to safeguard personal data. Electronic medical records??? hah!
"Don't worry VA citizens, we have backups of your personal data". Gee thanks, we weren't really all that worried about the fact that our personal information is now going up for sale.

I question the need for such a database anyway. Sounds more like government snooping and intrusion to me. If prescription drug abuse is so rampant in VA, they should probably be looking at the prescribing physicians more so than the 8 million people that aren't doing anything wrong.

RE: It just goes to show....
By mydogfarted on 5/8/2009 10:12:33 AM , Rating: 4
People that abuse pain meds will go to multiple doctors to get prescriptions, plus there are some corrupt doctors that will sell prescriptions to abusers. While all of this represents a minority of people in VA (I assume), having a central database helps minimize this problem. Not to mention things like potential drug interactions, etc.

RE: It just goes to show....
By Samus on 5/8/2009 1:55:05 PM , Rating: 4
Technically all doctors 'sell' drugs to patients. It's called a copay and it comes in the form of a prescription. Whether the drug is necessary is the doctor's sole discretion, and can not be challenged if within reasonable medical bounds. That's how medicine works, and that's why they (doctors) go to school for nearly a decade.

RE: It just goes to show....
By callmeroy on 5/8/2009 10:27:31 AM , Rating: 2
EMR is going to come here and be more popular as time drives on -- you can't stop it. You'd be pretty upset if you knew how disorganized our health records are right now in the vast majority of hospitals and doctors' offices around the country. You joke about EMR records leading to them being hacked --- right now it would be easier to physically obtain hard copies of medical records than it would be to hack an electronic one. I wish I was talking out my rear on this one but unfortunately I'm not -- its pretty do I have this insight.....I'm in Health Care IT...our firm works with nothing but consultancy projects for doctors' offices and hospitals....

We see it all the time...

RE: It just goes to show....
By AntiM on 5/8/2009 1:22:01 PM , Rating: 2
The good thing about physical hard copy records is that as far as I know, nobody can steal millions at one time within a matter of seconds and then distribute them just as easily.

I don't mind electronic medical records provided I can be assured that they will be 100% safe from hackers and other fraudulent use. However, apparently, there's no way to make them 100% safe and unhackable. Therefore, sad as it seems, paper is more secure than digital.

I understand what you're saying, EMR is coming, and our privacy is going... Not much we can do about it.

RE: It just goes to show....
By jeff4IT on 5/8/2009 1:56:33 PM , Rating: 2
I agree there is huge privacy and identity theft potential in EMR.

Combined with a lack of a reliable patient identity verification process and you have a great opportunity for increase in health record theft by cyber criminals.

There is already a growing business for stealing medical information. In many cases identifying information is sold to desperate people who need care but don't have health insurance.

Unfortunately, the lack of EMR in the US leads to huge costs in health care. Also, more importantly, lack of patient information or inaccurate information causes many thousands of deaths every year.

Saving lives will have to take precedence over privacy and theft. As patients we should demand that our government and health organizations set higher standards for protection of health data.

HIPAA is a good start but doesn't go far enough and isn't in touch with what modern security technology can deliver.

RE: It just goes to show....
By Alexvrb on 5/8/2009 10:25:27 PM , Rating: 2
VA is far from the only state participating in this program. It is perhaps the best way to track abuse of prescription drugs. It is unfortunate that we have to do this in the first place, as many people have a legitimate use for doctor-prescribed controlled substances (eg narcotic painkillers) from time to time.

The only real concerns I have are that they should protect the data better, and be more diligent about backups.

Oh, and to Mr. Barkoviak: thanks for putting the important details (second paragraph) in this one. The last article you wrote on this topic did not fully elucidate the actual damage or impact, which was not significant to citizens of VA. Unless of course, it contained something more valuable than names and prescription info. However, it is a substantial blow to the state government, or perhaps a wake up call.

Auction starting .... now
By Jargo on 5/8/2009 9:13:01 AM , Rating: 3
Hope he posts how much money he got from selling the data.
Would be interesting to hear if he got more than the 10mil he was aiming for, although I wouldn't bet on that.

RE: Auction starting .... now
By callmeroy on 5/8/2009 10:31:42 AM , Rating: 1
I see no humor at all in people's health and long term care being in jeopardy...let alone millions.

The only thing I'd like to see is this criminal behind bars, then let's auction off his sentence...

RE: Auction starting .... now
By ClownPuncher on 5/8/2009 12:18:35 PM , Rating: 5
Or...just find him and shoot him in the face.

RE: Auction starting .... now
By mindless1 on 5/10/2009 1:49:52 AM , Rating: 1
It is sad when someone lacks an ability to deal with reality so much that violence, even as a troll, seems a simple solution.

What if the day comes that someone says the same about trolls? Oh well, it wasn't much of a loss?

Treat them as terrorists
By Rob94hawk on 5/8/2009 10:25:08 PM , Rating: 3
I consider this a terrorist tactic and they should be treated as terrorists and punished as terrorists. Even if it results in execution.

RE: Treat them as terrorists
By mindless1 on 5/10/2009 1:54:56 AM , Rating: 1
Then you are an idiot. Terrorists are those who seek terror, not those who hack and seek money.

You remind me of the dumbasses who try to equate copyright violation with stealing because they can't wrap their head around basic fundamental definitions of small simple words.

Maybe you were being facetious, in which case the very thing you remark about you are furthering by slinging around the idea that terrorist witch hunts are a justification for anything. Point being, some people obviously took these things seriously or we wouldn't be in the situation we are in, an inside joke can be misinterpreted and you should know that by now via evidence of the way people are acting.

Couldn't resist
By Swetko on 5/8/2009 1:00:38 PM , Rating: 3
As I was reading this article I got an e-mail from the Health Services at my university notifying us of a computer breach that resulted in the theft of personal information from their databases....

Ironic, isn't it.

Just wait...
By CosmoJoe on 5/8/2009 12:31:21 PM , Rating: 2
Just wait until the Government is running the entire healthcare system, where politics, back room deals and cronyism get you places, versus actually having to be able to do your job and answer to someone.
In a private company, mistakes like this can destroy a business. In the case of the Government, nothing happens since the US Taxpayer is backstopping the entire operation.
