Washington – The case involves a snatching, a message and a ransom demand. Yet it’s not a person that may have been kidnapped, but millions of personal health records held by the commonwealth of Virginia.
Join our WhatsApp groupSubscribe to our Daily Roundup Email
The rogue government-transparency Web site WikiLeaks on Sunday posted a message that had been purportedly posted Thursday on the front page of the Virginia Prescription Monitoring Program, which makes sure state residents aren’t being overprescribed drugs.
“ATTENTION VIRGINIA,” the message read in part. “I have your [expletive]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh 🙁
“For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid.”
The Virginia Prescription Monitoring Program’s Web site is indeed offline: http://www.pmp.dhp.virginia.gov/
The Washington Post’s Security Fix blogger, Brian Krebs, sought comment from the Virginia Department of Health Professions and got only this as a reply:
“There is a criminal investigation under way by federal and state authorities, and we take the information security very serious [sic].”
The Department of Health Professions Web site had its own message: “The Virginia Department of Health Professions is currently experiencing technical difficulties which affect computer and email systems. We apologize for any inconvenience this may cause.”
It seems unlikely that a solo hacker could break into a government agency’s computers, copy all its data and delete the originals — and that the government agency wouldn’t have any backups.
But it’s been nearly a week since the original break-in and so far there’s nothing to indicate otherwise.
Patient records would probably involve Social Security numbers, names, addresses and enough other identifying details to set up phony credit-card accounts. It’s not clear how much 8 million of them would fetch on the black market.
An e-mail sent to the address specified in the ransom note was not immediately replied to
and does he want the money? how can he get it without being caught? I wonder.
Best to live off the grid if you can.
and why not nationalize health care so that this can happen to all Americans???
… and why is not likely that one person did it on his own throughout history there were many hackers that took down systems on their own!