Hackers Hold US Medical Records Hostage

edited May 2009 in News
Hackers have taken control of the Virginia Prescription Monitoring Program (PMP) in the U.S. and are demanding a US$10 million (A$13.6 million) ransom for the return of patients’ records.

The PMP contains details of medical patients’ drug prescriptions and was intended to be used to stop people abusing their access to medicines.

However, on Thursday the site was taken over by hackers and the following announcement posted on the web page.

"I have your s**t! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions,” said the site according to Wikileaks.

“Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send along the password.”

The site has now been taken down and PMP representatives are not returning requests for information from the media.

The message continues that if payment is not received in seven days then the hackers will offer the information to the highest bidder.

They say that they may not find a market for the prescription data but should be able to sell basic identity information such as social security numbers and driver’s license details.

The message then lampoons the FBI’s practice of not paying out ransom for information and gives an email for response. The FBI and state police are reportedly investigating.

“If this all is correct, it indicates that several protection layers failed at the PMP,” said Bojan Zdrnja of the SANS Internet Security Center in a blog posting.

“Without knowing more details we can't say if the web application was good or bad (maybe the hacker got access through a different vulnerability), but one thing that should never happen is the ability for a hacker to delete your backups. And indeed, any decent backup system will only allow you to backup the data or read it – only the backup administrator should be able to delete the backups.”

The case raises long term questions for businesses holding large amounts of data on customers, and their liability should a hacking attack occur.

This is not the first time that medical databases have been held for ransom. In October 2008 prescription processor Express Scripts had their database stolen and offered US$1 million for its safe return.

http://itnews.com.au/News/102606,hackers-hold-us-medical-data-hostage.aspx

If this is actually true, I'm curious as to how the hacker(s) got to the backups; aren't those things usually kept on a network separate from the main one?

Comments

  • Inside job, probably.
  • They are supposed to be kept separate AND off-site. If it's true, those guys suck at computer records.
  • I tried to imagine a Mission Impossible type situation in my head but then again, it is a fictitious story.
    More than likely just needed to bribe some low level employee to get a database.
  • Good thing there aren't world governments attempting the same kind of.. oh, wait.
  • That message just disgusted me. He used an emoticon in his ransom note? Who the hell does he think he is!? I hope this pathetic script kiddie makes a huge blunder, gets a visit from the feds, and ends up in prison. And I'm not talking about regular prison: he deserves to be in one of those secret prisons owned by evil pharmaceutical companies.
  • I think the culprit may have actually been able to wheedle some money if they hadn't asked for an obviously preposterous amount of money. Chances are he/she could have landed a nice little secure job with the PMP too.