Virginia Officials Begin to ID, Notify Hacker's Victims

HealthLeaders Media Staff, May 13, 2009

Virginia state officials have begun the arduous task of identifying people who may be affected by the theft of medical and personal data that was stolen from a state Web site by a computer hacker, who is now demanding a $10 million ransom.

"They're in the beginning process of going through the data base," says Kathy Siddall, a spokeswoman for the Virginia Department of Health Professions. She says the internal investigation so far indicates that no other state Web site was hacked.

While there is no tally yet on the numbers of people impacted by the breach, Siddall says advisory letters may soon be mailed to people whose Social Security numbers and other personal data may have been compromised. "The Social Security number is the main thing we’re concerned about," she says.

Siddall declined to update the criminal investigation and referred inquiries to the Richmond, VA office of the FBI, where a media spokesman official would only say that "the investigation is ongoing." 

The hacker broke into the Virginia Prescription Drug Monitoring program Web site last month and left a ransom note that read: "I have your [stuff]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."

Despite the hacker's claims, Siddall says it's not clear how many records were breached at the site, which is used by pharmacists and other health officials to monitor prescription drug abuse. "The number of records doesn't necessarily equate to the number of individuals in the database. An individual could have more than one prescription," she says.

The VPMP Web site has been closed since the breach, but the state hopes to reopen it soon. "We are in the process of doing that," Siddall says. "I would expect you are going to see it up very soon, but I don't have a date on that."

Facebook icon
LinkedIn icon
Twitter icon