Home  >  consumer healthPrivacySecurityUncategorized   >   Health Records from Government Site Held for $10M Ransom

Health Records from Government Site Held for $10M Ransom

by John Moore | May 05, 2009

Late last week in the State of Virginia, someone hacked into the Virginia Dept. of Health Professionals (VDHP) website, downloaded all of 8M plus records and some 35M prescription records.  Upon downloading the information, the hacker went on to erase all of the records on the VDHP servers and is now demanding a $10M ransom to return the files.

The following screenshot from the VDHP website clearly shows that yes my sweetie, we are experiencing technical difficulities.

vdhp

West Virginia lawyer Bob Coffield has put up a good brief post with links for more information background on this somewhat scary story.

Makes one wonder just how safe are our records anyway, whether they are stored in repositories such as VDHP (a government run institution no less) to minimize drug abuse, or a given regional Exchange to facilitate care coordination or even one’s records stored at a local hospital, clinic or worse, physician’s office.  One thing is for sure, I doubt that few if any of the aforementioned facilities/operations have sufficient security to prevent such a hack to their systems.

Now the question is, under HIPAA, does the VDHP have to send out breach notifications to all consumers whose records have been compromised?

Addendum:

David Harlow, a Healthcare Lawyer based in Boston has an excellent post that looks closely at the broader implications of this privacy and security breach.

Stay up to the minute.

“Chilmark were one of the first industry watchers to recognize the importance of population health and are still one of the most sophisticated in their apprecition of what is going to be needed to transform health and care.”

-Former SVP of PHM at Cerner