Virginia Department of Health hacked

News

  • 21 May 2009
Jon Hoeksma
December 1, 2016

An attack on the Virginia Department of Health Professionals (VDHP) website, resulted in a prescriptions website being hacked and a $10m ransom demand for the return of millions of allegedly stolen patient records.

US press reports and blogs say the attack involved over eight million electronic patient records and some 35m prescription records. That an attack had happened was confirmed by VDHP which immediately suspended all its servers.

According to an Information Week report, the alleged attack saw a hacker claim to download eight million patient records, erase the records from the VDGP servers, and then demand a $10m ransom for the return of the files.

The Wikileaks website reported that the Web site for the Virginia Prescription Monitoring Program had been defaced with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file. VDHP says proper backups were in place.

According to a report by the Richmond Times Dispatch, on 31 April all 36 servers storing the state agency’s records were shut down after a midday message popped up on some computer screens that claimed the system was being hacked.

Sandra Whitley Ryals, director of the Virginia Department of Health, said in a 6 May statement. “A criminal investigation is currently underway regarding a potential security breach of the Virginia Department of Health Profession’s (DHP) Prescription Monitoring Program on Thursday, April 30.”

The statement continued: “The entire DHP system was shut down since Thursday to protect the security of the program data, and state authorities including the Virginia Information Technologies Agency (VITA) and the Virginia State Police were notified immediately upon identifying the potential breach. We are satisfied that all data was properly backed up and that these backup files have been secured.”

The claimed attack is the second to be reported by the Wall Street Journal in the past year. In October 2008, Express Scripts, a processor of pharmacy prescriptions, said extortionists were threatening to disclose the personal and medical information of millions of US citizens if the company failed to meet payment demands. Express Scripts is now said to be offering a $1m reward for information leading to the arrest and conviction of those responsible.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Prev News

Slovenia rolls out e-health card

Next News

Study finds issues with stroke triage

Related News

Joe McDonald: NHS IT’s failed patient safety culture needs radical change
Opinion June 20, 2024

Joe McDonald: NHS IT’s failed patient safety culture needs radical change

An approach by a BBC journalist has Joe McDonald wondering what it will take to end the NHS scandal of flawed computer systems wasting public…
NHSE guidance asks systems to continue levelling up of digital maturity
News April 1, 2024

NHSE guidance asks systems to continue levelling up of digital maturity

In its 2024/25 priorities and operational planning guidance, NHSE has asked systems to continue supporting the levelling up of provider digital maturity.
EPR focus is “blinkered” and attention should be elsewhere – Steve Sawyer
News March 7, 2024

EPR focus is “blinkered” and attention should be elsewhere – Steve Sawyer

Access HSC managing director Steve Sawyer has said that it is “blinkered” to solely look at and worry about EPRs because “it is not about…