All the latest UK technology news, reviews and analysis
|
|
|
05 May 2009
Hackers have taken control of the Virginia Prescription Monitoring Program (PMP), and are demanding a $10m (£6.6m) ransom for the return of millions of patient records.
The Virginia PMP contains details of drug prescriptions, and was designed to stop people abusing their access to medicines.
However, the site was taken over on Thursday by hackers who posted the following announcement on the web page:
"I have your s**t! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uh oh :(For $10 million, I will gladly send along the password."
The site has now been taken down, and Virginia PMP representatives are not returning requests for information from the media.
The hackers' message added that, if payment is not received in seven days they will offer the information to the highest bidder. The identity data includes social security numbers and driving licence details.
The message then lampoons the FBI's practice of not paying ransoms for information, and gives an email address for response. The FBI and state police are reportedly investigating.
"If this is correct, it indicates that several protection layers failed at the PMP," said Bojan Zdrnja, of the Sans Internet Storm Center, in a blog post.
"Without knowing more details we can't say if the web application was good or bad (maybe the hacker got access through a different vulnerability), but one thing that should never happen is the ability for a hacker to delete your backups.
"And indeed, any decent backup system will only allow you to backup the data or read it. Only the backup administrator should be able to delete the backups. "
The case raises long-term questions for businesses holding large amounts of data on customers, and their liability should a hacking attack occur.
This is not the first time that medical databases have been held to ransom. In October 2008 prescription processor Express Scripts had its database stolen by hackers who demanded $1m (£660,000) for its safe return.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Principal Development Engineer Lead- London - Smart TV...
Development Engineer - London - Smart TV, Gaming, Tablets...
Principal Development Engineer - London - Smart TV, Gaming...
Test Engineer -London - Smart TV, Gaming, Tablets, PC...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
sigh
Who in the right mind will give those kids 10mil? Seriously though, people need to get to grips with DLP.
Posted by: Kennedy 06 May 2009
Tape
A case to support tape back up during the trend of on-line services
Posted by: Paul 06 May 2009