The Hackers Could Possibly Push the Move for PHRs – Medical Records Hacked in Virginia Department of Health Professions Computers
Posted May 05 2009 5:11pm
When all else fails, your PHR could stand in as a backup. This is a strange case, though: the extortion note says he wants to sell the medication information, but a lot of that has already been sold anyway by pharmacy benefit managers to insurance companies. The demographic information, however, could be a big risk.
The FBI is in on the investigation, and it will be interesting to see how this one washes out. This really makes a case to get the old law off the books with the MRIs not being updated too. Everything had better have some kind of protection.
State and federal authorities are investigating a possible extortion demand that seeks $10 million for the safe return of more than 8 million patient records and 35 million prescription records that allegedly were hacked last week from the Virginia Department of Health Professions computers.
An extortion note posted on WikiLeaks, a Web site that publishes anonymous submissions and leaks of sensitive government and corporate information, reads:
"ATTENTION VIRGINIA I have your [stuff]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :("
The note demands $10 million within seven days, but it does not say from what date the count began. Hackers apparently infiltrated the health professions' computers last Thursday.
M.A. Myers, a spokesman for the Richmond office of the FBI, confirmed late today that an investigation has begun but declined to provide specifics. He said the FBI received a referral from the Virginia Information Technologies Agency.
The ransom-note writer said if the money isn't paid in seven days, "I'll go ahead and put this baby out on the market and accept the highest bid."
If the prescription data can't be sold, the writer says, then "at the very least I can find a buyer for the personal data" -- which the note says includes names, ages, Social Security numbers and driver's license numbers.