Hackers Holding VA. Health Data for $10 Million Ransom
This is the first time we have heard of hackers stealing vital data then holding it for ransom. It certainly takes a certain level of chutzpah to steal millions of personal pharmaceutical records from the state of Virginia’s prescription drug database then demand $10 million. And, that is exactly what these emboldened hackers are doing.
The hackers claim to have accessed 8 million patient records and 35 million prescriptions collected by the Prescription Monitoring Program. They also sent along this message:
“For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid.”
Wow. We guess they won’t get very far. The FBI and Virginia State Police are actively searching for the culprit(s) and Gov. Tim Kaine issued this statement:
“This was an intentional criminal act against the commonwealth by somebody who was trying to harm others,” Gov. Timothy M. Kaine (D) said. “There are breaches that happen by accident or glitches that you try to work out. It’s difficult to foil every criminal that may want to do something against you.”
We ask our readers…have you all ever heard of a hacker holding data for ransom?
.gif)
Facebook
LinkedIn
Twitter
I have never heard of a hacker demanding ransom. How, exactly do they think they’re going to get paid? Perhaps an anonymous cash drop-off, or maybe they’ll just wire it to a personal account. I guess if criminals were smart, they wouldn’t be criminals. The really smart criminals run corporations.
The problem we are facing is program that have a good intentions such as the Prescription Monitoring Program that monitors for prescription abuse and collect data fields such as SSNs, DOBs, Drivers License Numbers, and other personal info that is used for law enforcement investigating abusers and doctors helping them. This info is also used by identity thieves as well to commit identity theft. The solution would be to remove SSNs and DOBs as identifiers. Databases are only as strong as the user that use them. Most ID theft would go away if we removed these universal identifiers especially when law enforcement has so many tools available to them. This is just pure laziness and complacency that is allowing ID thieves to steal our data.
You should check out 42 USC 666 that forces the states to use SSNs as a universal identifier for all licenses and other benefits. Millions of people are being impacted by this law per day because government employees and contractor that work for the state or local goverment have easy access for stealing this info in the course of their business.
Solution would be to remove this bad laws such as 666 and REAL ID. They were poorly thought out laws that never thought of the implications of what unintended consequences may result.
for more info you can check out our site:
http://crispe.org/blog
Rob
In October 2008, Express Scripts reported an extortion demand based on threat of publication of prescription records, and a number of their clients received subsequent extortion demands. Although they have not explicitly confirmed it was a hacker who obtained the records, descriptions that they published are consistent with the notion.
In 2008, a man hacked into Maserati’s database and attempted to extort money from them on threat of publicizing the breach. He was apprehended.
In 2006, there was a rash of reports of email accounts being hijacked by hackers who demanded ransom to return emails and contacts.
In 2005, an unnamed corporation reported an extortion attempt after hackers managed to lock up important files and spreadsheets and demanded a ransom to give them the keys to unlock the files.
In 2000, CDUniverse refused to pay a hacker’s ransom demand and the hacker then started publishing customer info on the web.
Those are just some examples. Ransom demands really are not new.