IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Cyber-Criminal Demands $10 Million Ransom After Breaching Virginia Medical Records

The FBI is searching for a malicious hacker who infiltrated the Virginia Prescription Monitoring Program and is threatening to sell medical information to the highest bidder.

The FBI and the Virginia State Police are on the hunt for a malicious hacker who breached millions of medical records last week and is now threatening to sell them unless someone forks over $10 million.

The breach was originally reported on WikiLeaks, a site that publishes and comments on reports of leaked documents. According to the site, when people logged on to the Web site of the Virginia Prescription Monitoring Program on April 30, they saw a ransom note containing the following information:

"I have your s@*t! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

"For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid."

The note's author threatened to sell the information to the highest bidder if the money isn't turned over.

Thursday was the purported deadline for the ransom.

Virginia Gov. Tim Kaine Infuriated

The Virginia Prescription Monitoring Program Web site, which pharmacists use to track drug prescriptions to monitor narcotics abuse, is currently offline while authorities investigate the problem, the Daily Mail reported Thursday.

ABC 7 News also reported Thursday that Virginia Gov. Tim Kaine told The Associated Press that he was infuriated by the acts and that the state won't make the payments.

Health officials called the FBI after viewing the ransom demand on the Web site last week.

If more than 8 million patient records are up for grabs, this could be a spectacularly huge problem for most of Virginia's residents. According to the U.S. Census Bureau, Virginia was home to 7.8 million people in 2008.

Sandra Whitley Ryals, director of the Virginia Department of Health Professions, told the Daily Mail that her department is satisfied that all the data was properly backed up.

 

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.
Special Projects
Sponsored Articles
  • How the State of Washington teamed with Deloitte to move to a Red Hat footprint within 100 days.
  • The State of Michigan’s Department of Technology, Management, and Budget (DTMB) reduced its application delivery times to get digital services to citizens faster.

  • Sponsored
    Like many governments worldwide, the City and County of Denver, Colorado, had to act quickly to respond to the COVID-19 pandemic. To support more than 15,000 employees working from home, the government sought to adapt its new collaboration tool, Microsoft Teams. By automating provisioning and scaling tasks with Red Hat Ansible Automation Platform, an agentless, human-readable automation tool, Denver supported 514% growth in Teams use and quickly launched a virtual emergency operations center (EOC) for government leaders to respond to the pandemic.
  • Sponsored
    Microsoft Teams quickly became the business application of choice as state and local governments raced to equip remote teams and maintain business continuity during the COVID-19 lockdown. But in the rush to deploy Teams, many organizations overlook, ignore or fail to anticipate some of the administrative hurdles to successful adoption. As more organizations have matured their use of Teams, a set of lessons learned has emerged to help agencies ensure a successful Teams rollout – or correct course on existing implementations.