backtop


Print 34 comment(s) - last by mindless1.. on May 11 at 9:00 PM

The state has refused to pay the $10M ransom demand

Days after it was revealed a hacker successfully compromised the Virginia Health database and stole records of more than 8 million patients; the state of Virginia announced it will not pay a requested $10 million ransom.

The database is used by pharmacies and doctors to track narcotics and painkiller prescriptions, in an attempt to reduce the amount of abuse, theft and illegal sales of popular prescription drugs.

Both the Virginia state police and FBI are looking into the matter, with Virginia Governor Timothy Kaine saying this is a "crime and it is being treated that way."

The state has refused to pay the ransom, and will instead rely on the FBI's investigation to locate and prosecute the people responsible for this data intrusion.

Since the breach last week, the Department of Health Professions shut down its computer network, and all data has been successfully backed up.  The DHP has issued a statement saying it can "assure the public that all precautions are being taken for DHP operations to continue safely and securely."

Hackers’ attempts to steal personal information or hold data for ransom has increased in popularity, with hackers routinely stealing Social Security Numbers and other personal information so it can be sold to identity thieves.  There is a growing concern over foreign-based hacker groups that are bankrolled by countries such as China and Russia, who are targeting U.S.-based computer networks.

The FBI hasn't said if they believe this data intrusion to be the work of foreign hackers, but it's a link they're likely looking into during the investigation.





Comments     Threshold


This article is over a month old, voting and posting comments is disabled

It just goes to show....
By AntiM on 5/8/2009 9:41:37 AM , Rating: 3
that governments and corporations can't be trusted to safeguard personal data. Electronic medical records??? hah!
"Don't worry VA citizens, we have backups of your personal data". Gee thanks, we weren't really all that worried about the fact that our personal information is now going up for sale.

I question the need for such a database anyway. Sounds more like government snooping and intrusion to me. If prescription drug abuse is so rampant in VA, they should probably be looking at the prescribing physicians more so than the 8 million people that aren't doing anything wrong.




RE: It just goes to show....
By mydogfarted on 5/8/2009 10:12:33 AM , Rating: 4
People that abuse pain meds will go to multiple doctors to get prescriptions, plus there are some corrupt doctors that will sell prescriptions to abusers. While all of this represents a minority of people in VA (I assume), having a central database helps minimize this problem. Not to mention things like potential drug interactions, etc.


RE: It just goes to show....
By Samus on 5/8/2009 1:55:05 PM , Rating: 4
Technically all doctors 'sell' drugs to patients. It's called a copay and it comes in the form of a prescription. Whether the drug is neccessary is the doctors sole descretion, and can not be challenged if within reasonable medical bounds. That's how medicine works, and thats why they (doctors) go to school for nearly a decade.


RE: It just goes to show....
By callmeroy on 5/8/2009 10:27:31 AM , Rating: 2
EMR is going to come here and be more popular as time drives on -- you can't stop it. You'd be pretty upset if you knew how disorganized our health records are right now in the vast majority of hospitals and doctors offices around the country. You joke about EMR records leading to them being hacked --- right now it be easier to physically obtain hard copies of medical records than it would be to hack an electronic one. I wish I was talking out my rear on this one but unfortunately I'm not -- its pretty un-nerving...btw...how do I have this insight.....I'm in Health Care IT...our firm works with nothing but consultancy projects for doctors offices and hospitals....

We see it all the time...


RE: It just goes to show....
By AntiM on 5/8/2009 1:22:01 PM , Rating: 2
The good thing about physical hard copy records is that as far as I know, nobody can steal millions at one time within a matter of seconds and then distribute them just as easy.

I don't mind electronic medical records provided I can be assured that they will be 100% safe from hackers and other fraudulent use. However, apparently, there's no way to make them 100% safe and unhackable. Therefore, sad as it seems, paper is more secure than digital.

I understand what you're saying, EMR is coming, and our privacy is going... Not much we can do about it.


RE: It just goes to show....
By jeff4IT on 5/8/2009 1:56:33 PM , Rating: 2
I agree there is huge privacy and identity theft potential in EMR.

Combined with a lack of a reliable patient identity verification process and you have a great opportunity for increase in health record theft by cyber criminals.

There is already a growing business for stealing medical information. In many cases identifying information is sold to desperate people who need care but don't have health insurance.

Unfortunately, the lack of EMR in the US leads to huge costs in health care. Also, more importantly, lack of patient information or inaccurate informaiton causes many thousands of deaths every year.

Saving lives will have to take precedence over privacy and theft. As patients we should demand that our government and health organizations set higher standards for protection of health data.

HIPAA is a good start but doesn't go far enough and isn't in touch with what modern security technology can delivery.


RE: It just goes to show....
By Alexvrb on 5/8/2009 10:25:27 PM , Rating: 2
VA is far from the only state participating in this program. It is perhaps the best way to track abuse of prescription drugs. It is unfortunate that we have to do this in the first place, as many people have a legitimate use for doctor-prescribed controlled substances (eg narcotic painkillers) from time to time.

The only real concerns I have are that they should protect the data better, and be more diligent about backups.

Oh, and to Mr. Barkoviak: thanks for putting the important details (second paragraph) in this one. The last article you wrote on this topic did not fully elucidate the actual damage or impact, which was not significant to citizens of VA. Unless of course, it contained something more valuable than names and prescription info. However, it is a substantial blow to the state government, or perhaps a wake up call.


"What would I do? I'd shut it down and give the money back to the shareholders." -- Michael Dell, after being asked what to do with Apple Computer in 1997
Related Articles













botimage
Copyright 2015 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki