Hackers demand $10 million ransom after wiping patient data

Filed Under: Data loss

According to media reports, hackers broke into a Virginia government website, stealing the details of almost 8.3 million patients, and threatening to auction them to the highest bidder if a $10 million ransom isn't paid.

The hackers' ransom note was left on the home page of the Virginia Prescription Monitoring Program last week, which helps pharmacists track prescription drug abuse.

Virginia data ransom message

Whether this is a real data breach or not is open to some question - and it's possible that the message amounts of little more than juvenile website defacement. Certainly, the claims that the backups have also been wiped appear a little far-fetched as surely they would be stored securely at an off-site facility?

Nevertheless, the website in question appears to have been down since the incident was first reported, and according to an official statement by the Virginia Department of Health they are experiencing "problems" with their websites and email at the moment:

Virginia Department of Health website problems

Fascinatingly, this isn't the first time that hackers have attempted to extort money by stealing prescription data. Late last year I reported on how Express Scripts refused to pay up, after extortionists threatened to expose millions of the company's medical customers' records.

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.