When users logged into the Virginia Prescription Monitoring Program (PMP) website on April 30, they were greeted with a ransom note in which an unknown hacker threatened to sell the patient records of 8,257,378 people to the highest bidder if he wasn’t sent $10 million within a week.
The note was also posted on Wikileaks. Below is the message in its entirety:
A statement from the Virginia Department of Health Professions acknowledged last Thursday’s breach but offered no detail as to how the Department was going to deal with the issue.
“A criminal investigation is currently underway regarding a potential security breach of the Virginia Department of Health Profession’s (DHP) Prescription Monitoring Program on Thursday, April 30,” the statement read. “While DHP cannot comment directly on an ongoing investigation, we can assure the public that all precautions are being taken for DHP operations to continue safely and securely”
The DHP went on to say that it is working with State and Federal law enforcement to resolve the situation and said it was “satisfied” all data has been properly backed up and that these backup files have been secured.
Virginias PMP program was set up in November 2007 and allows pharmacists to cross-reference prescriptions to see if a patient is issued multiple scripts for narcotics by several different doctors.