Blog | Wednesday, May 6, 2009

Hacker demands ransom for patient records

The Web site Wikileaks reported this week that a computer hacker wiped out more than 8 million patient records stored on a secure site for the Virginia Prescription Monitoring Program (VPMP) and replaced the home page with a ransom note demanding $10 million for the records' return. The director of Virginia's Department of Health Professions declined to provide details but confirmed that a criminal investigation is underway, according to the Washington Post's Security Fix blog, which picked up on the story.

While details have yet to be confirmed, there is a message on the VPMP Web site that its systems are inaccessable until further notice. The site, which also contained 35.5 million prescriptions, is used by health officials to monitor prescription drug abuse. The incident follows another as-yet unsolved case from October 2008 when hackers demanded ransom for the return of computer files held by Express Scripts Inc.

Knowing that anonymous hackers can bypass the safeguards of a supposedly secure government Web site is fodder for those who argue against transferring patient information to electronic records. But neither does it make sense for patient records to be relegated to paper, the lone holdout in an online world. It's a virtual arms race as legitimate Web sites step up security only to be foiled by ingenious hackers. One can only hope that the techies working inside the system are as clever as those on the dark side.