Posted on May 6, 2009. Filed under: News And Politics...

As technology becomes more advanced, unfortunately, crime advances as well.  Nowadays, you have to give up all your personal information for one reason or another.  This is one reason why I never give out my social security number to doctors’ offices, hospitals, etc.  Today’s hackers are getting as advanced as the technology they steal…

FBI Probes Hacker’s $10 Million Ransom Demand for Stolen Virginia Medical Records

Wednesday, May 06, 2009

The FBI is investigating a $10 million ransom demand by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse, an FBI official confirmed Wednesday.

The state police in Virginia are also investigating the possible breach of confidential records.

The FBI official said the Virginia Information Technologies Agency (VITA) referred the case to the FBI last week, asking for help.

Asked whether people’s personal information is secure, the official said he couldn’t say.

"I really can’t make a declarative statement as to whether anyone’s information is in jeopardy at this point," the official said.

Asked whether people have been notified that their information may have been breached, the official said it would be up to VITA to do that.


The rogue government-transparency Web site WikiLeaks on Sunday put up a message that it said was posted Thursday on the front page of the Virginia Prescription Monitoring Program’s Web site.

"ATTENTION VIRGINIA," the message read in part. "I have your [expletive]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(

"For $10 million, I will gladly send along the password. You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid."

The Virginia Prescription Monitoring Program’s Web site, http://www.pmp.dhp.virginia.gov/, was offline Wednesday afternoon. The Virginia Department of Health Professions, which runs the program, did not immediately reply to a request for comment.

As Michael Fitzpatrick, president and CEO of the NCX Group, a Newport Beach, Calif.-based computer-security consulting firm, explained, "If the story wasn’t true, the site would be back up."

The Washington Post’s Security Fix blogger, Brian Krebs, sought comment from the Department of Health Professions and was told:

"There is a criminal investigation under way by federal and state authorities, and we take the information security very serious."

The Department of Health Professions Web site had its own message: "The Virginia Department of Health Professions is currently experiencing technical difficulties which affect computer and email systems. We apologize for any inconvenience this may cause."

Laura Southerd, an official from the Virginia Department of Health, said the DOH is separate from the Department of Health Professions and uses different software to put up its Web site.

"The Prescription Monitoring Program Web site is now secure," she said. "But yes, something did happen."

Patient records could involve Social Security numbers, names and addresses — enough information for an identity-theft operation.

It’s not clear how much 8 million patient records would fetch on the black market, but Fitzpatrick thought it’d be much more than $10 million.

"That’s a real ‘Austin Powers’ moment," he said. "That’s $1.20 per name. You could get a lot more for those in Griffiths Park in Los Angeles."

But even amateurs might have found the Prescription Monitoring Program Web site easy to get into, he added.

"Many government sites don’t have the time or the money to fully check their code," Fitzpatrick explained. "And no offense, but the best security experts aren’t going to work for $60,000 for a state agency when they could make $200,000 in the private sector."

There was no immediate reply to an e-mail sent to the address specified in the ransom note.

FoxNews’ Bryan Boughton, Mike Levine, Mike Straka and Paul Wagenseil contributed to this report.



