Hacker demands $10M ransom for data
A hacker who claims to have stolen 8 million records from a database that tracks prescription drug abuse in Virginia is demanding a $10 million ransom for the information's return, according to media reports.
In a Roanoke Times article, Gov. Tim Kaine calls the incident "an intentional criminal act against the commonwealth by somebody who was trying to harm others." The FBI and Virginia State Police are investigating, the newspaper reported.
The breach involves the Virginia Department of Health Professions' (DHP) prescription drug-monitoring database. The department licenses health care providers in the state and tracks the sales of controlled substances.
The breach apparently happened April 30. According to Digital Journal, the hacker posted a note on WikiLeaks.org — a Web site devoted to leaking documents — demanding the ransom and threatening to sell the data on the open market if the state did not pay. Today was the deadline.
"I have your s@*t! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions," the WikiLeaks note reads. "Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :("
However, DHP Director Sandra Whitley Ryals said the database has been properly backed up, Digital Journal reported.