"We have lost our ambition, our imagination, and our willingness to do the things that built the Golden Gate Bridge" - Barack Obama (aka President Malaise)
Pitch in with the Prince William Young Republicans and help defeat Obama in 2012!
Hackers Steal Your Prescription Records From Virginia Computers
By Greg L | 4 May 2009 | Virginia Politics, Crime | 7 Comments
So if Virginia can’t manage to secure the patient history of over eight million Virginian’s from ransom-demanding hackers, how is some sort of nationalized health system going to make our lives better? That should be one of the prime questions being asked in the wake of this recent breach of the Virginia Prescription Monitoring Program, which not only has apparently lost all the backup data for these patient records, but is now being extorted to the tune of ten million dollars for the return of your patient medical records. Of course, they’ll still have the data — your information, and rest assured they’re going to try to use your medical information in order to make some money. Thanks, Governor/DNC Chairman Kaine. You just made sure our private medical information was made available to hackers.
Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records:
“I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.”
Although the details haven’t been released, my experience leads me to suspect some terrifically stupid decision made it easy for hackers to breach the Virginia Department of Health Professions and that the commonwealth entirely failed to comply with the security mandates of HIPPA. While Virginia will prosecute individuals and businesses for violating HIPPA regulations, it can’t be sued for violating that act itself and making your personal information the plaything of a bunch of criminal cyber thieves that will use that information any way they can in order to extract money from someone, somewhere.
So if your identity ends up getting stolen, or some stranger ends up with really personal information about you and tries to use that against you, you have Governor Goober to thank for it.
The next time government wants to get more involved in your health care, remember this and tell them to go to hell.
H/T: NLS
The opinions expressed here are solely the views of the author, and not representative of the position of any organization, political party, doughnut shop, knitting guild, or waste recycling facility, but may be correctly attributed to the Vast Right-Wing Conspiracy. If anything in the above article has offended you, please click here to receive an immediate apology.
You can follow the discussion through the Comments feed. You can also pingback or trackback from your own site.
7 Comments
Views: 943
Loading ...
This is on the same par with the Spender-in-Chief’s proposal to put all veterans medical records in a “E-records” system. Nice. Although I will conceded that VA e-records would affect a narrow sample of the population in Virginia. The principle still stands, if the government can’t be trusted with oversight of prescription records, how will they manage a full file of medical records?
http://www.washingtonpost.com/wp-dyn/content/article/2009/05/04/AR2009050403755.html
I love how the WashPo dances around the real reason-health care ain’t free in Mexico.
I’ve heard that where there’s smoke there’s fire. However, I’d be a little reticent to accept something reported on Wikileaks as Gospel. WaPo and RTD are reporting a Wikileaks.org entry. It may turn out to be false, less than it seems or true. However, you’d think that the state government would officially make some kind of comment given the concern over this matter and the growing reporting of it. This statement should be coming straight from Tim Kaine. However, I’ve also got to ask where Bob McDonnell is on this. He’s the Attorney General - no? Maybe we have a bit of a standoff - McDonnell can’t say much because he’s get AG issues, the 3 Dems don’t want to sqwak because it makes Kaine look bad.
Or, this could be BS or just somebody defacing the web site without stealing the data.
One thing for sure - this is classic Commonwealth of Virginia “mushroom management” - keep the citizens in the dark and feed them … well, you know what mashroom “eat”.
Bob resigned from the AG position in order to campaign. The current AG is Bill Mims. As for the veracity of the story, the WashPo checked it out and they’re satisfied, FWIW.
So, where is Mr. McDonnell’s commentary on this matter? This would seem “tailor made” for him. It’s a law and order issue, it happned on Kaine’s watch and McDonnel’s the former AG who should be demanding aggressive investigation and prosecution. Maybe he feels enough alligience to his former office that he wants to let those still in office make the comments? It seems that this security “hole” has been there a while. Maybe Mr. McDonnell should have been paying more attention to cybersecurity while in office? I don’t know. I just wonder why it’s getting such limited coverage. It’s also a “hot story” involving computer hacking, electronic medical records, ransom notes, etc. Along with thousands of other people, I get Twitter updates from all 4 candidates (although Mr. Moran, or his campaign, is not very active). I see where they are constantly campaigning and speaking to groups in Virginia. They all have plenty of chances to take up this matter in public. I understand that the Dems don’t want to embarrass Kaine. But McDonnell? Where’s the outrage? Where’s the demand for Tim Kaine to take immediate action?
The Richmond Times Dispatch is also reporting the story, FWIW. http://www.timesdispatch.com/rtd/news/local/article/HACKGAT05_20090504-212004/265693/
Greg, Alex Granados’ blog on the MJM website covers your posting today.
sounds like an inside job to me.
If the person was able to sabotage the backups, delete the info, encrypt it, etc - too much access to the process to not be an inside job.
And yes, Electronic Medical Records are coming - we need to get healthcare costs under control, and our antiquated system adds to our costs. People complain about the taxes companies pay, well, runaway healthcare costs (with no control) are often more than the taxes - and with hc being 15% of GDP, we pay more for healthcare than any other country in the world.