Hacker steals patient records in Virginia: demands $10M ransom
The FBI is currently investigating a $10 million ransom demand from a hacker, or a group of hackers, who, on April 30, appear to have broken in to the Virginia government site and stolen patient records that also records that track prescription drug abuse. About 8.3 million records were taken and were replaced by a message stating they had been stolen.
The person or people who stole the information gave the Virginia government 7 days, but they told no one and they did not pay; now the FBI is involved.
"This is a crime and it is being treated that way," Gov. Timothy M. Kaine said Wednesday.
Virginia asked for the FBI's help last week.
It is not known at this point if patient confidentially records are in danger of being sold on or not:
"I really can't make a declarative statement as to whether anyone's information is in jeopardy at this point," the official said.
but people would be notified if their information was breached.
The site WikiLeaks put up a message saying how the secure site was replaced with a $10 million ransom demand:
I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(
For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid.
The Prescription Monitoring Program is currently offline.
Sandra Whitley Ryals, director of the Virginia Department of Health Professions, which runs the program, confirmed Wednesday that a criminal investigation is underway into the potential security breach on April 30.
"We can assure the public that all precautions are being taken for DHP operations to continue safely and securely," Ryals said in a statement.
The government has assured everyone that they are doing everything they can, but it's not known if the information has been sold or not yet.
They claim the site is now secure.
Patient records include names, addresses, and social security numbers so on the black market would fetch a lot of money; this many records should be more than $10 million.
Fox sent an e-mail to the address in the ransom note, but it was not responded to.