'Hacker' threatens to expose health data, demands $10M
Days after a hacker claimed to have broken into a database and encrypted millions of prescription records at Virginia's Department of Health Professions, it remains unclear what happened.
Whistleblower Web site Wikileaks.org last Sunday carried a report from an anonymous poster who said that the secure site for Virginia's Prescription Monitoring Program (PMP) had been broken into by a hacker making a US$10 million ransom demand.
The alleged ransom note posted on the Virginia PMP site claimed that the hacker had backed up and encrypted more than 8 million patient records and 35 million prescriptions and then deleted the original data.
"Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh," the hacker is supposed to have said in his note, a copy of which was available on Wikileaks. "For $10 million, I will gladly send along the password," for decrypting the data, the supposed hacker wrote.
The expletive-laden note goes on to say that authorities have seven days to decide if they will "pony up" the money. If the ransom is not paid, "I'll go ahead and put this baby out on the market and accept the highest bid," the note says.
The hacker admits that while he is unsure about the worth of the data or who would want it, "I'm bettin' someone will. Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data," the hacker said pointing to the fact that the data included patients' names, ages, addresses, Social Security and driver's license numbers.
A call seeking comment on the incident from the Virginia PMP program office was not immediately returned. A call to the Virginia State Police seeking confirmation on whether it is investigating the reported incident also was not immediately returned.
As of Wednesday, the main PMP Web site and all links on the site were unavailable.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
hack
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
