Monday, May 11, 2009

$10 million ransom demand for Virginia patient data

A hacker claims to have broken into a Virginia state website -- the Virginia Prescription Monitoring Program (PMP) used by pharmacists to track prescription drug abuse -- deleted records of more than 8 million patients, and has offered to replace the data for $10 million. The hacker posted a ransom note on the PMP website:

"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."

The Virginia Department of Health Professionals, which operates the site, admits that it has yet to receive computer security upgrades ordered five years ago, in 2004 by then-Governor Mark Warner. The agency said that because of its small size, it was among the last on the list to receive the security upgrades.

"Official: Hacked agency missing security upgrade," Washington Examiner, May 10, 2009, at; "Hackers Break Into Virginia Health Professions Database, Demand Ransom," Washington Post, May 4, 2009, at; "Hacker demands $10M ransom from Virginia," UPI, May 8, 2009, at

Tuesday, May 5, 2009

Court rules on knowing standard in identity theft cases

The U.S. Supreme Court ruled that persons who use fake identification numbers to commit other crimes must know they belong to a real person to be subject to a two-year sentence extension for “aggravated identity theft.” The ruling came in a federal identity theft case concerning illegal immigrants who used false social security numbers to obtain employment.

See, "Justices Limit Use of Identity Theft Law in Immigration Cases," New York Times, May 4, 2009, at; "Supreme Court limits identity theft law," Los Angeles Times, May 5, 2009, at,0,7732350.story.