Virginia Data Breach and Ransom

Cyber Thief Asking $10,000,000

According to a posting on, the on-line clearinghouse for leaked documents, hackers in late April broke into a Commonwealth of Virginia state Web site used by pharmacists to track prescription drug abuse. The cyber thief deleted records on more than 8 million patients and then replaced the site’s homepage with a ransom note. The note demanded $10,000,000 for the return of the records.


The ransom stated:

“I have your sh*t!

In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password.)”

It truly stretches the imagination to believe outside cyber thieves could break into a state-run website and destroy the “original data” and its backup, which presumably would be (should be!) stored off-site. This attack was the latest incident to involve the mass storage of EMRs (electronic medical records). When not secured properly, EMRs are easier to steal than paper records. Late last year, pharmacy prescription processor Express Scripts offered a $1,000,000 reward for information leading to the arrest of hackers who threatened to disclose stolen records belonging to millions of their patients.

Several security pros say that at a time when botnets are quietly stealing truckloads of corporate and financial data and disappearing into the dark world of cyber crime, data being kidnapped and held for ransom is not among the top threats enterprises should be worried about. In actuality, the largest threats are the ones that attempt to operate in stealth mode, leaving no trace for the victims to identify.

That said, the current administration’s push to digitize medical records to lower the cost of health care could open the door for exploitation. Assuming these groups of extortionists aren’t bluffing when they say they’ve acquired EMRs, theft and ransom of this personal data may become more frequent as paper records are digitized.


By: Wils Bell, President

LinkedIn Profile:, Inc.

Information Security Recruitment Since 1990
Phone: 407-365-2404
eFax: 407-956-4976

