Over eight million patient records have been held to ransom in the US state of Virginia.
Wikileaks has reported that the secure site for the Virginia Prescription Monitoring Program was replaced with a ransom demand for $10 million. The note, which was placed on the 30th April, left the site entirely disabled and it remains unavailable at the time of writing.
The ransom demand stated: “I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password.”
The program, which is used by pharmacists and others to discover prescription drug abuse, declined to comment according to Wikileaks, although when contacted, appeared to be aware of the issue and instantly refers inquiries to the director of the DHP, who is presently unavailable.
Mary Landesman, senior security researcher at ScanSafe, said: “As we've mentioned several times in the past, successful compromise of a website doesn't just spell trouble for that site's visitors - it can lead to an internal compromise of the affected enterprise.”