Saturday, May 09, 2009

$10 Million Ransom for Hacked Records? YES!

Virginia leading the way in what, sensitive data losses?!

Yes the tragedy continues. Now data is basically hacked by "Cyber Pirates," people who seize massive data bases and try to get ransom for returning them.

Fox News Thursday, May 07, 2009. "The FBI is investigating a $10 million ransom demand by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse, an FBI official confirmed Wednesday. The state police in Virginia are also investigating the possible breach of confidential records."

According to Government Technology:

"The breach was originally reported on WikiLeaks, a site that publishes and comments on reports of leaked documents. According to the site, when people logged on to the Web site of the Virginia Prescription Monitoring Program on April 30, they saw a ransom note containing the following information:

"I have your s@*t! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

"For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid."

The security of critical information is normally a very low priority in state and federal government because there are no lobbying and interest groups advocating for information security.

More importantly, there is no massive campaign funding going to candidates for pubic office coming from any PAC's or lobbying groups to secure critical data.

The BIG question? Is this a precursor of what will happen to all of our medical records when they are put on the Internet?

The second question. Will the provider of the software and web service for storing and managing this sensitive data be liable for this or will they get off scott-free as they usually do?

By the way the web site Welcome to the Prescription Monitoring Program http://www.dhp.state.va.us/dhp_programs/pmp/default.asp is down and cannot be accessed.

Labels: , , ,

0 Comments:

Post a Comment

<< Home

  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft