Hacker demands $10M ransom for data

A hacker who claims to have stolen 8 million records from a database that tracks prescription drug abuse in Virginia is demanding a $10 million ransom for the information's return, according to media reports.

In a Roanoke Times article, Gov. Tim Kaine calls the incident "an intentional criminal act against the commonwealth by somebody who was trying to harm others." The FBI and Virginia State Police are investigating, the newspaper reported.

The breach involves the Virginia Department of Health Professions' (DHP) prescription drug-monitoring database. The department licenses health care providers in the state and tracks the sales of controlled substances.

The breach apparently happened April 30. According to Digital Journal, the hacker posted a note on WikiLeaks.org — a Web site devoted to leaking documents — demanding the ransom and threatening to sell the data on the open market if the state did not pay. Today was the deadline.

"I have your [email protected]*t! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions," the WikiLeaks note reads. "Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :("

However, DHP Director Sandra Whitley Ryals said the database has been properly backed up, Digital Journal reported.

Featured

  • Workforce
    coronavirus molecule (creativeneko/Shutterstock.com)

    OMB urges 'maximum telework flexibilities' for DC-area feds

    A Sunday evening memo ahead of a potentially chaotic commute urges agency heads to pivot to telework as much as possible.

  • Acquisition
    Shutterstock ID: 1993681 By Jurgen Ziewe

    Spinning up telework presents procurement challenges

    As concerns over the coronavirus outbreak drives more agencies towards expanding employee telework, federal acquisition contracts can help ease some of the pain.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.