An online thief compromised the network of the Commonwealth of Virginia's Department of Health Professions, allegedly stealing healthcare data on nearly 8.3 million patients, according to reports.
The network intruder left a message claiming to have taken 8.26 million patient medical records and almost 36 million prescriptions, according to the SecurityFix blog. While a screenshot of the ransom note was first posted by Wikileaks, the leaked-documents site is currently down. The Virginia Department of Health Professions' Web site was down for most of Tuesday morning, but was again accessible by noon ET.
The online attacker demanded $10 million for the data, according to both sources.
The theft resembles the blackmail of pharmacy-benefits management firm Express Scripts, which received a letter in October 2008 claiming that the company's network had been breached and threatening to release millions of customer records unless the firm paid money to the thieves. The company offered a bounty of $1 million for information leading to the arrest and prosecution of those responsible for the theft.
Some attackers have attempted mass extortion by using Trojan horse programs and computer viruses to compromise victims' computers and then encrypting the data. Other hackers have targeted the critical infrastructure of power companies, claiming they would darken cities unless they were paid.
A representative of the Virginia Department of Health Professions did not return calls for comment. A banner at the top of the site stated, "The Virginia Department of Health Professions is currently experiencing technical difficulties which affect computer and email systems. We apologize for any inconvenience this may cause."
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos