Virginia Department of Health hacked

News

  • 21 May 2009
Jon Hoeksma
December 1, 2016

An attack on the Virginia Department of Health Professionals (VDHP) website, resulted in a prescriptions website being hacked and a $10m ransom demand for the return of millions of allegedly stolen patient records.

US press reports and blogs say the attack involved over eight million electronic patient records and some 35m prescription records. That an attack had happened was confirmed by VDHP which immediately suspended all its servers.

According to an Information Week report, the alleged attack saw a hacker claim to download eight million patient records, erase the records from the VDGP servers, and then demand a $10m ransom for the return of the files.

The Wikileaks website reported that the Web site for the Virginia Prescription Monitoring Program had been defaced with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file. VDHP says proper backups were in place.

According to a report by the Richmond Times Dispatch, on 31 April all 36 servers storing the state agency’s records were shut down after a midday message popped up on some computer screens that claimed the system was being hacked.

Sandra Whitley Ryals, director of the Virginia Department of Health, said in a 6 May statement. “A criminal investigation is currently underway regarding a potential security breach of the Virginia Department of Health Profession’s (DHP) Prescription Monitoring Program on Thursday, April 30.”

The statement continued: “The entire DHP system was shut down since Thursday to protect the security of the program data, and state authorities including the Virginia Information Technologies Agency (VITA) and the Virginia State Police were notified immediately upon identifying the potential breach. We are satisfied that all data was properly backed up and that these backup files have been secured.”

The claimed attack is the second to be reported by the Wall Street Journal in the past year. In October 2008, Express Scripts, a processor of pharmacy prescriptions, said extortionists were threatening to disclose the personal and medical information of millions of US citizens if the company failed to meet payment demands. Express Scripts is now said to be offering a $1m reward for information leading to the arrest and conviction of those responsible.

Subscribe To Our Newsletters

Find out more

Subscribe to our newsletter

Subscribe To Our Newsletter

Prev News

Slovenia rolls out e-health card

Next News

Study finds issues with stroke triage

Related News

Repairing EPR data errors could cost NHS at least £13.5m in 2026
News May 13, 2026

Repairing EPR data errors could cost NHS at least £13.5m in 2026

NHS trusts in England could spend more than £13.5m in 2026 on correcting data problems that emerge EPR go-lives, MBI Health analysis suggests.
AI scribe enables GP telephone transcripts to be filed into records
News January 28, 2026

AI scribe enables GP telephone transcripts to be filed into records

An AI scribe from X-on Health will be able to transcribe notes from GP telephone conversations, as well as in person appointments.
Digital Health Unplugged: Delivering the 10 year health plan
News September 2, 2025

Digital Health Unplugged: Delivering the 10 year health plan

This episode, in collaboration with Digital Health Networks sponsor CereCore International, focuses on delivery of the 10 year health plan.