Hacker holds Virginians’ health records hostage
By Dave Jeyes
A hacker is demanding $10 million in return for the health records of over 8.3 million Virginia residents pertaining to over 35 million prescriptions. With a population just shy of 8 million people, this could mean that virtually every Virginian’s health information is at risk.
The records were lifted from Virginia’s Prescription Monitoring Program (PMP) database. The database was set up in late 2007 to prevent patients from filling multiple prescriptions for items such as painkillers from different doctors.
When program administrators logged into the site on April 30, they received the ransom note. The demands (below) were also posted on anonymous document site Wikileaks:
I have your s***! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password.
Virginia Governor Timothy Kaine reacted harshly to the demands, asking, “They really think they’ll get anything out of this? Not a chance.”
The Prescription Monitoring Program is administered by the Virginia Department of Health Professionals. DHP Director Sandra Whitley Ryals says, “while DHP cannot comment directly on an ongoing investigation, we can assure the public that all precautions are being taken for DHP operations to continue safely and securely.”
In Virginia, the law requires the victims of such a records breach to be notified “without unreasonable delay.” However, Kaine defends keeping the names secret, saying, “there is an aspect of this investigation that plays into when notification can take place.”
With the sheer number of records downloaded from the DHP’s database, it’s quite possible that this breach affects everyone that’s filled a prescription in Virginia in the last 18 months since the program started. So far the agency has been mum for a week and has yet to uncover the identity of the attacker.

May 8th, 2009
How does he expect to get paid? Without getting caught?
If they have the encrypted files, they could possibly brute-force it, but that could take years. :(