Hacker Holding Virginia Health Records for $10 million Ransom
A computer hacker wants $10 million for the return of more than 8 million patient records and 35.5 million prescriptions taken recently from a secure Web site for the Virginia Prescription Monitoring Program, reported the Web site Wikileaks.
Wikileaks says the hacker left a ransom note on the VPMP Web site which read: "I have your [stuff]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
The VPMP Web site is used by pharmacists and other health officials to monitor prescription drug abuse. Virginia Department of Health Professions Director Sandra Whitley Ryals released a statement on Thursday confirming a criminal investigation is underway regarding the security breach.
"While DHP cannot comment directly on an ongoing investigation, we can assure the public that all precautions are being taken for DHP operations to continue safely and securely," she said.
Since DHP recognized the unauthorized message posed on the Web site, Ryals said, her department has been working closely with federal and state law enforcement. The DHP system has been shut down for the past week to "protect the security of the program data," she said.
"We are satisfied that all data was properly backed up and that these backup files have been secured," she said.
Ryals added that her office will share additional details in the coming days on the agency’s Web site.
M.A. Myers, media coordinator for the FBI field office in Richmond, VA, told HealthLeaders Media Tuesday, "In conjunction with the Virginia State Police, we are looking into the incident, but we aren't making any further comment beyond that. Unless there is a reason for us to have media attention, we generally don't comment on pending cases."
In October 2008, hackers accessed millions of electronic patient files held by Express Scripts Inc. and threatened to expose the records unless the drug benefits company paid a ransom. Scripts, the nation’s third-largest drug benefits manager, posted a $1 million reward for help catching the culprits, who remain at large.
John Commins is a senior editor with HealthLeaders Media.
- MU Compliance Announcement Sparks Concern, Confusion
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- Scary Financial Challenges for 2014
- MGMA Urges 'End-to-End' ICD-10 Testing
- 1 in 5 CT Screenings for Lung Cancer Results in Overdiagnosis
- Telehealth Improves Patient Care in ICUs
- LifePoint Bolsters Presence in Michigan's Upper Peninsula
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Douglas Hawthorne—A Chance to Do Something Big