Hackers demand $10 million ransom after wiping patient data

According to media reports, hackers broke into a Virginia government website, stealing the details of almost 8.3 million patients, and threatening to auction them to the highest bidder if a $10 million ransom isn’t paid.

The hackers’ ransom note was left on the home page of the Virginia Prescription Monitoring Program last week, which helps pharmacists track prescription drug abuse.

Virginia data ransom message

Whether this is a real data breach or not is open to some question – and it’s possible that the message amounts of little more than juvenile website defacement. Certainly, the claims that the backups have also been wiped appear a little far-fetched as surely they would be stored securely at an off-site facility?

Nevertheless, the website in question appears to have been down since the incident was first reported, and according to an official statement by the Virginia Department of Health they are experiencing “problems” with their websites and email at the moment:

Virginia Department of Health website problems

Fascinatingly, this isn’t the first time that hackers have attempted to extort money by stealing prescription data. Late last year I reported on how Express Scripts refused to pay up, after extortionists threatened to expose millions of the company’s medical customers’ records.