Rx Cyberjacking [UPDATED AND BUMPED: 5/7/09]

[UPDATED - Please scroll down]

[Welcome Industry Radar readers!]

On the one hand, EMR (electronic medical records) promises convenience and efficiency. Having one's records easily accessible by one's provider saves both parties time, and can help avoid potentially dangerous medication interaction problems.

On the other hand, one's data is only as convenient and safe as the holder of that data makes it. In Virginia, for example, the state has set up a website for licensed pharmacists to track potential prescription drug abuse. Unfortunately, the firewall protecting this sensitive information wasn't as effective as they might have believed: hackers broke into the system, deleting "records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records."

The news item is based on a Wikileaks entry that claims to include a copy of the ransom note. It's hard to verify that, since it's just text, not a picture of the note itself. Naturally skeptical, I clicked on over to the Virginia Department of Health's website, hoping to find either confirmation or denial. Unfortunately, this is what I found at the top of the relevant page:

"The Virginia Department of Health Professions is currently experiencing technical difficulties which affect computer and email systems. We apologize for any inconvenience this may cause."

Ooops.

While this kind of news makes interesting, and perhaps important, blog fodder, I can't in good conscience comment as if this is fact. We'll continue to follow this, updating and expanding on this post.

[Hat Tip: Holly Robinson]

5/6/09: New information is coming online about this bizarre situation. According to Fox News:

"An FBI official has confirmed that the FBI, along with state police in Virginia, have launched an investigation into a $10 million ransom demanded by a hacker or hackers who say they have stolen nearly 8.3 million patient records from a Virginia government Web site that tracks prescription-drug abuse."

The Prescription Monitoring Program discussed in the original post is still offline, which is causing even more speculation, but which may be indicative of a simple server crash. According to the news story, though, a spokescritter with the Virginia Department of Health claims that the "Prescription Monitoring Program Web site is now secure," although there's nothing to corroborate (or refute) her statement.

Since we have only the hacker's word that the data was breached, I'd prefer not to speculate, but we'll keep our readers posted.

5/7/09: It appears that the site is now back online. According to a statement from the Director of the Department of Health Professions, "A criminal investigation is currently underway regarding a potential security breach of the Virginia Department of Health Profession’s (DHP) Prescription Monitoring Program on Thursday, April 30. While DHP cannot comment directly on an ongoing investigation, we can assure the public that all precautions are being taken for DHP operations to continue safely and securely " [emphasis added]

Gee, that must be comforting to those allegedly affected by recent events.

Share on :

Tweet

Rx Cyberjacking [UPDATED AND BUMPED: 5/7/09]

Reviewed by Merlyn Rosell
Published : 2009-05-07T06:45:00-07:00
Rating : 4.5