What we have here is a data breach of major proportions that's been turned into data-napping, as well. According to a post on WikiLeaks, which you may recall is an online database of leaked documents, the hackers are asking for $10,000,000 to release 8,257,378 patient records and a total of 35,548,087 prescriptions.
The hackers replaced the (more or less) secure site for the Virginia Prescription Monitoring Program
with the following ransom demand
"I have your sh*t! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
One question we have is where did the backups go? An inside job, with the backups being deleted as well? Or what?
The site is still inaccessible at this done, as it was taken down after the hack.
While Sandra Whitley Ryals, director of Virginia's Department of Health Professions, acknowledged
the site was taken down because of the hack and that the FBI was involved, there was no confirmation as to if a data breach actually occurred.
"There is a criminal investigation under way by federal and state authorities, and we take the information security very serious.
"We do have some of systems restored, but we're being very careful in working with experts and authorities to take essential steps as we proceed forward. Only when the experts tell us that these systems are safe and secure for being live and interactive will that restoration be complete."
The hack occurred on April 30th. It's hard to believe something of this magnitude could actually happen, but you know, stranger things have happened
. All it takes is an opening, and in swoops a hacker.
Does anyone really, really doubt that real privacy is no longer something that can be counted on?