According to reports, a hacker has stolen millions of medical records from a US government website and is currently demanding $10million for their return.
The records, which were reportedly taken from the Virginia Prescription Monitoring Program’s website on 30th April, are said to contain patient’s social security and driving licence numbers as well as names, addresses and a certain amount of medical information.
The program itself is used by doctors, pharmacists and other medical personnel operating in the state to monitor the prescription of controlled substances as a means of preventing drug abuse.
The hacker claims to have just under 8.3 million patient records and 35.6 million prescription records in his possession and has threatened to sell the data to the highest bidder if his $10million ransom is not met within 7 days.
Reports suggest that the hacker deleted both the live and backup files from the Virginia Prescription Monitoring Program’s website and replaced the homepage with a ransom note stating his demands.
”I have your [censored]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(
”For $10 million, I will gladly send along the password. You have 7 days to decide...”
While state officials have not confirmed any details relating to the breach, the program’s website has been unavailable since the reported incident and the FBI are said to be in the process of investigating.
"There is a criminal investigation under way by federal and state authorities, and we take the information security very seriously" commented Sandra Whitley Ryals, director of Virginia’s Department of Health Professions.
