Originally Posted by Hackhound.org
On April 30th, an unidentified individual, or group, hacked into the Virginia Prescription Monitoring Program's Web site, WikiLeaks first reported Sunday. A full week after the hack occurred, the perpetrator is still holding hostage the private data of over 8 million Virginia patients.
The party responsible for this security breach didn't hack into the prescription-drug-abuse-tracking site for fun, either. The hacker, or hackers, posted a ransom note on the Web site that, according to WikiLeaks, read:
I have your [expletive]! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh For $10 million, I will gladly send along the password.
For days, Virginia state police and FBI investigators have been trying to get to the bottom of the theft, which could ultimately result in the misuse of those 8 million packets of personal information. The government has not yet publicly identified the 8 million victims, nor has it notified them privately.
"There is an aspect of this investigation that is very sensitive that plays into when notification can take place," Virginia Governor Tom Kaine told NBC 29 yesterday. According to Kaine, that sensitive investigation is essentially two-pronged -- seeking to both recover the purloined data and apprehend the responsible party. According to an AP report hosted on NBC 29's site, the Governor made up for the lack of information with plenty of fire: "Kaine said the act infuriated him and the hackers won't get a penny."
Federal authorities haven't been any more forthcoming.
"I really can't make a declarative statement as to whether anyone's information is in jeopardy at this point," an FBI official told FOX News yesterday.
"The entire DHP [Department of Health Professions] system has been shut down since Thursday to protect the security of the program data," department director Sandra Whitley Ryals told FOX News. The Prescription Monitoring Program's Web site was still down at the time of this writing.
$10 million ransom
I am sure they can just restore to a recent backup of the data and continue running. They can treat this as a crash, and just restore. You can't hold the data 'hostage', you just have a copy of it.
The main issue is whodunit and could they breach the privacy of the people documented in the records.
DNR
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
- Pong18
well i think if this hacker is really good he will ultimately destroy the data, making backup restoration truly impossible. heck he may even do a Gutmann pass for 20 times.
i mean damn man! that's absurd! data as a hostage? hell! he crazy, man, he crazy. now, i'm starting to believe those technophobes who say that the internet and technology are the devil.
I'm concerned about the people and their meds. If my grandmother was one of those people and for some odd reason she wasn't able to get her meds and something happened, when the cops did get the person I might flip out, go back to jail and stab that dude in his face.
I'm all for making money, the more the better, just not at the expense of innocent bystanders.
Kirk wrote: I'm concerned about the people and their meds... I'm all for making money, the more the better, just not at the expense of innocent bystanders.
well kirk, as a nurse i agree with what u said, that there is no reason for innocent ppl to be hurt because of such an attack.
well actually a hospital would revert back to paperwork. We had downtimes planned and would just go to paper form of charting.
Banks and hospitals need accurate databases; backups are made every so often. If a crash or event occurred, they would restore to the last known backup and restore the system to that point - you could lose data that was entered after the last backup. If someone managed to steal an entire DB server - they can use a backup server and load it with last known good backups. This means downtime of perhaps hours, but not irrecoverable as the story implies.
So the guy is holding a copy of data for ransom, and they fear him because they want to know how he got in (that's why they shut it down)
DNR
Of course, the damage to the reputation of the business, as well as the public anxiety and concern whipped up as a direct result of this vile attack, are incalculable, and beyond quantifiability.
Such an attack is, frankly, so outrageous in its defiance of both logic and generally accepted morals as to offend a reasonable person's sense of reason. As a terrorist move, it is a masterstroke. From a strictly profit-making perspective, it is ridiculous, nary more than nonsense on stilts.
To the wicked, I am merely too knowledgeable in their ways.