Categories
Articles

Hackers Hold Virginia Medical Records for Ransom

In a significant blow to advocates of prescription drug monitoring programs, computer hackers who broke into the state of Virginia’s patient records database say that unless the state government pays a $10 million ransom, they will sell the medical records to the highest bidder.

Medical records in the database include prescription use histories for drugs including OxyContin, Ambien, and Vicodin.

Info Collected to Reduce Drug Diversion Might Actually Increase It

The hijacked prescription records are used by doctors and pharmacists in an effort to reduce the illicit use and diversion of certain medications, notably opiate drugs such as OxyContin. With hackers in possession of all that information, experts say that the information gathering program that was intended to reduce prescription drug abuse might just make it easier for the bad guys to gain access to these drugs at the retail level.

With access to past prescribing records, medical identity theft fraudsters would have all the information they needed to fill a legitimate prescription. And since an 80mg Oxycontin that retails for just over $4 can be sold for 20 times that amount on the street, the profit potential for the resale of these illegally acquired medications is enormous.

Government officials first learned of the informational security breach April 30, when hackers posted a message on the state’s website. The hackers later released information about their exploits on the WikiLeaks website.

An investigation into the security breach is ongoing, and state officials have stressed that they do not know for certain whether medical records have in fact been compromised. On WikiLeaks, the hackers claimed to have stolen the patient records of eight million people, as well as 35 million prescription records.

As reported in a May 6 article on the website of The Roanoke Times,Virginia Governor Timothy M. Kaine called the attack “an intentional criminal act against the commonwealth by somebody who was trying to harm others.”

A May 7 Washington Times article reported that Gov. Kaine has adamantly rejected the notion that the government would pay the ransom that the hackers have demanded. “They really think they’ll get anything out of this?” he asked. “Not a chance.”

Electronic patient records which form an integral part of prescription drug monitoring programs have always been controversial, with critics of digital recordkeeping often expressing concerns over information security and access.

Florida has come under heavy recent criticism for its loose prescription monitoring legislation, and the state legislature recently approved a bill that would increase digital monitoring of medical records (although similar bills have in the past failed the approval process due to privacy concerns). Following the Virginia security breach, a number of Florida legislators urged Florida Governor Charlie Crist to veto the bill.

Gov Kaine remained tight-lipped regarding the extent of the breach, saying that if the investigation revealed that medical records had been compromised, then all Virginians would be informed.