Monday, May 11, 2009

$10 million ransom demand for Virginia patient data

A hacker claims to have broken into a Virginia state website -- the Virginia Prescription Monitoring Program (PMP) used by pharmacists to track prescription drug abuse -- deleted records of more than 8 million patients, and has offered to replace the data for $10 million. The hacker posted a ransom note on the PMP website:

"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."

The Virginia Department of Health Professionals, which operates the site, admits that it has yet to receive computer security upgrades ordered five years ago, in 2004 by then-Governor Mark Warner. The agency said that because of its small size, it was among the last on the list to receive the security upgrades.

"Official: Hacked agency missing security upgrade," Washington Examiner, May 10, 2009, at; "Hackers Break Into Virginia Health Professions Database, Demand Ransom," Washington Post, May 4, 2009, at; "Hacker demands $10M ransom from Virginia," UPI, May 8, 2009, at

No comments: