Tuesday, May 5, 2009

Hackers Break Into Virginia Health Professions Database, Demand Ransom

Ask yourself this question. When my medical records are stolen and used for cash, or I can no longer get health insurance because my records have been corrupted and claims are made against my policy, or my vital information has been altered so that the information is no longer representative of me, what will Todd Davis of Lifelock, or Bo Holland of Debix, or Daryl Yurek of ID Watchdog do to help me? Will they provide me with ready access to attorneys who will represent me as a victim of Medical identity theft? Will they help me to sort out my records for accuracy, and help to amend my insurance claims history, and help to remove false claims from my records. Will they provide any assistance whatsoever for medical records fraud or theft, or ransom? I'm not attacking those individuals or their companies but they do not address the realities of identity theft beyond your credit report and new credit account requests.

Read on my friends,

Hackers Break Into Virginia Health Professions Database, Demand Ransom
From Brian Krebs The Washington Post

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.
reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.
Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records:
"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
The site, along with a number of other Web pages related to Virginia Department of Health Professions, remains unreachable at this time. Sandra Whitley Ryals, director of Virginia's Department of Health Professions, declined to discuss details of the hacker's claims, and referred inquires to the FBI.
"There is a criminal investigation under way by federal and state authorities, and we take the information security very serious," she said.
A spokesman for the FBI declined to confirm or deny that the agency may be investigating.
Whitley Ryals said the state discovered the intrusion on April 30, after which time it shut down Web site site access to dozens of pages serving the Department of Health Professions. The state also has temporarily discontinued e-mail to and from the department pending the outcome of a security audit, Whitley Ryals said.
"We do have some of systems restored, but we're being very careful in working with experts and authorities to take essential steps as we proceed forward," she said. "Only when the experts tell us that these systems are safe and secure for being live and interactive will that restoration be complete."
She added that the department does have a page online at
www.dhp.virginia.gov that lists the phone and fax numbers for various state health boards, and that the state would continue issuing health care licenses and investigating violations of the law or regulations of state health licensees. This is the second major extortion attack related to the theft of health care data in the past year. In October 2008, Express Scripts, one of the nation's largest processors of pharmacy prescriptions, disclosed that extortionists were threatening to disclose personal and medical information on millions of Americans if the company failed to meet payment demands. Express Scripts is currently offering a $1 million reward for information leading to the arrest and conviction of the individual(s) responsible for trying to extort money from the company


George Jenkins said...

Bravo! Excellent post, John.

The state of data security and identity protection is pretty weak, and the available products and services for consumers are nowhere near as comprehensive as they should be.

I've Been Mugged Blog

Jed said...

I agree with George. Data security is lagging so far behind creation of new technologies, we will be seeing instances like this many times in the near future.

Actually preventing identity theft from beginning is impossible! Identity thieves are smart and if they want your vital information, they will take it. The trick is putting a stop to it before it wreaks havoc with your entire life. Hopefully, soon, there will be better options than monitoring credit reports to prevent identity theft from ruining your personal finances. Identity theft protection services help with this, but saying you can flat-out prevent identity theft from starting in the first place is irresponsible.

Whether we like it or not, our personal data is out there for the world to take. When will encryption catch up with the times? Hopefully soon!

forex guides said...

Security is a matter of great concern in business and financial institutions

forex guides

Market Survey Companies said...

Really, very interesting text & business analysis. You have a nice blog. Keep it up!

Anonymous said...

A good post on prepaid legal.I did come across a blog http://israel.buildlastingsuccess.com. It’s all about starting home business based on insurance and legal plans for a 36 year old cash-rich company. It is publicly traded on the New York Stock Exchange, and reports directly to the Securities & Exchange Commission. Their 15 consecutive years of RECORD growth... is 100% verifiable!

Leo-Best home business opportunity