Feeds

Hackers demand $10m ransom for Virginia medical data

8.3 million records held hostage

Providing a secure and efficient Helpdesk

Almost 8.3 million patient records have been stolen from a Virginia government website that tracks prescription drug abuse, according to hackers who are demanding a $10 million ransom for their return.

"I have your shit!" the note, which was posted to Wikileaks read. "In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too."

The message said if officials didn't respond within seven days the information would be made available to whoever offered the highest bid. The story was first reported by Brian Krebs's Security Fix blog.

The claims could not immediately be verified. It stretches the imagination to believe outsiders could break into a state-run website and destroy both the original data and its backup, which presumably would be stored off-site. A spokeswoman from Virginia's Department of Health Professions didn't return a phone call seeking comment. She told Security Fix the website was shut following following the April 30 discovery of an intrusion. She never directly addressed whether sensitive data was stolen or deleted.

The Virginia PMP homepage remained unreachable at time of writing, and the state has temporarily discontinued email to and from the department, Security Fix said. An FBI spokesman in Richmond, Virginia told the Associated Press the agency was investigating a referral from the Virginia Information Technologies Agency. State police said they are assisting as well, the AP reported.

The episode is the latest cautionary tale to involve the mass storage of medical records in electronic form. When not secured properly, these are easier to steal than paper records. In November, pharmacy prescription processor Express Scripts offered a $1m bounty for information leading to the arrest of blackmailers who threatened to disclose stolen records belonging to millions of patients.

President Barack Obama has made the digitization of medical records a major pillar of his push to lower the cost of health care. Assuming the extortionists in this case aren't bluffing when they say they've acquired records belonging to almost 8.3 million people, electronic storage of such sensitive information comes with a cost that can be underestimated only at our peril. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.