Hacker Holds Virginia Hostage

[Gerry]

Hacker says he stole confidential medical data on 8 million Virginia residents

RICHMOND, VA – A Virginia government Web site was replaced last week with a ransom note from a hacker claiming he stole 8.3 million patients' personal and prescription drug information. The hacker says he wants $10 million for the safe return of the information.

The Virginia Prescription Monitoring Program's site tracks prescription drug abuse and contains 35.5 million prescriptions in addition to enrollees' personal information, such as names, social security numbers and addresses.

According to Wikileaks.org, an online clearinghouse for leaked documents, on April 30 the secure site for the Virginia Prescription Monitoring Program was replaced with the following ransom demand:

"Attention Virginia! I have your [expletive]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh For $10 million, I will gladly send along the password." (See sidebar for link to full note).

MORE

 

[JayB]

Is it only me that finds the ransom note somewhat hilarious?

 

[katherine]

And the government always wants more data on you. You bet I trust them :veryangry:

 

[Ridge]

question is will it be paid!

 

[fab]

What's next?

 

[south]

And the government always wants more data on you. You bet I trust them :veryangry:

Oh yeah!

What's next?

Dunno, but it's kinda scary to develop with anything other than pure html these days. Seems like nearly every web app & O/S can be broken into with relative ease. And if not, just socailly engineer a trojan onto the admin's computer to get the passwords.

 

[Gerry]

Staggering to think that the medical information of over 8 million people could or has been comprimised, especially in today's IT security.

This is just as if someone had stolen a laptop with nearly 20 million veterans personal data (yup, that happened).

All the tech security in the world CAN NOT keep someone out, especially if that someone works there in that very department.

Here's an true to life example - a women working in the billing department of a major 1200 bed hospital has access to personal records and data of every person who is admitted; and dies!

She fraudulently opened up new credit card accounts in the names of 8 deceased patients. By the time she is caught she runs up over $300K in goods, services, and merchandise in the deceased names in a span of about 2 years.

Your identity, personal information, credit worthiness is never completely 100% protected and never will be. As long as someone has access to such data then the data is never 100% secure.

So it really does not matter if it is law enforcement, government, healthcare, credit card company - if someone has intent, it is not safe.

 

[draggar]

This is why I love off-network backups - discs, tapes, etc..

It may be behind but if you back up on a weekly basis all you need to worry about is new stuff over the past week.