Whoops - a case of ransom and the backup that didn't work
Either an inside job or an unfortunately good job of hacking.
From WikiLeaks comes this story of
the purloined database:
Over 8M Virginian patient records held to ransom, 30 Apr 2009
May 3, 2009
Summary
On Thursday, April 30, the secure site for the Virginia Prescription Monitoring Program (PMP) was replaced with a $US10M ransom demand:"I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
The site, https://www.pmp.dhp.virginia.gov/pmpwebcenter/login.aspx appears to have been entirely disabled and is presently unavailable.
The PMP is used by pharmacists and others to discover prescription drug abuse.
The PMP declined to comment, although when contacted, appeared to be aware of the issue, instantly referring inquiries to the director of the DHP, who is presently unavailable.
Click on the text of the ransom note to see the full version.
Odd that there would be no off-site backup. That is standard with any critical data.
I would look for recently dismissed IT staff...
Posted by DaveH at May 6, 2009 9:08 PM