Cyber Thief Asking $10,000,000
According to a posting on Wikileaks.org, the on-line clearinghouse for leaked documents, hackers in late April broke into a Common Wealth of Virginia state Web site used by pharmacists to track prescription drug abuse. The cyber thief deleted records on more than 8 million patients and then replaced the site’s homepage with a ransom note. The note demanded $10, 000,000 for the return of the records.
The ransom stated:
“I have your sh*t!
In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.)”
It truly stretches the imagination to believe outside cyber thief’s could break into a state-run website and destroy the “original data” and its backup, which presumably would be (should be!) stored off-site. This attack was the latest incident to involve the mass storage of EMR (electronic medical records). When not secured properly, EMR’s are easier to steal than paper records. Late last year, pharmacy prescription processor Express Scripts offered a $1,000,000 reward for information leading to the arrest of hackers who threatened to disclose stolen records belonging to millions of their patients.
Several security pros says that at a time when botnets are quietly stealing truckloads of corporate and financial data and quietly disappearing off into the dark world of cyber crime, data being kidnapped and held for ransom is not among the top threats enterprises should be worried about. In all actuality, the largest threats are the ones that attempt to be in stealth mode, leaving no trace if you will for the victims to identify.
That said however, the current administration’s push to digitization medical records to lower the cost of health care could open the door for exploitation. Assuming these groups of extortionists aren’t bluffing when they say they’ve acquired EMR’s, then theft / ransom of this personal data may become more frequent as paper records are digitized.
By: Wils Bell, President
LinkedIn Profile: http://www.linkedin.com/in/wilsbell
Information Security Recruitment Since 1990