HomeFairfax General ForumArrest/Ticket SearchWiki newPictures/VideosChatArticlesLinksAbout
Fairfax County General :  Fairfax Underground fairfax underground logo
Welcome to Fairfax Underground, a project site designed to improve communication among residents of Fairfax County, VA. Feel free to post anything Northern Virginia residents would find interesting.
Virginia Health Database Held For Ransom <-- pwn3d
Posted by: Gravis ()
Date: May 05, 2009 10:36AM

Quote
Hackers Break Into Virginia Health Professions Database, Demand Ransom
Hackers Break Into Virginia Health Professions Database, Demand Ransom

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents.

Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.

Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records:

"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."

The site, along with a number of other Web pages related to Virginia Department of Health Professions, remains unreachable at this time. Sandra Whitley Ryals, director of Virginia's Department of Health Professions, declined to discuss details of the hacker's claims, and referred inquires to the FBI.

"There is a criminal investigation under way by federal and state authorities, and we take the information security very serious," she said.

A spokesman for the FBI declined to confirm or deny that the agency may be investigating.

Whitley Ryals said the state discovered the intrusion on April 30, after which time it shut down Web site site access to dozens of pages serving the Department of Health Professions. The state also has temporarily discontinued e-mail to and from the department pending the outcome of a security audit, Whitley Ryals said.

"We do have some of systems restored, but we're being very careful in working with experts and authorities to take essential steps as we proceed forward," she said. "Only when the experts tell us that these systems are safe and secure for being live and interactive will that restoration be complete."

She added that the department does have a page online at www.dhp.virginia.gov that lists the phone and fax numbers for various state health boards, and that the state would continue issuing health care licenses and investigating violations of the law or regulations of state health licensees.

This is the second major extortion attack related to the theft of health care data in the past year. In October 2008, Express Scripts, one of the nation's largest processors of pharmacy prescriptions, disclosed that extortionists were threatening to disclose personal and medical information on millions of Americans if the company failed to meet payment demands. Express Scripts is currently offering a $1 million reward for information leading to the arrest and conviction of the individual(s) responsible for trying to extort money from the company.

im sure this is another example of windows ftw.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."095042938540

Options: ReplyQuote
Re: Virginia Health Database Held For Ransom <-- pwn3d
Posted by: Shadow ()
Date: May 05, 2009 10:38AM

And people think a national health database would be a good idea. Yeah right.

Options: ReplyQuote
Re: Virginia Health Database Held For Ransom <-- pwn3d
Posted by: Gravis ()
Date: May 05, 2009 10:45AM

Shadow Wrote:
-------------------------------------------------------
> And people think a national health database would
> be a good idea. Yeah right.

it actually is a good idea. however, like all databases containing private information, it's bad idea if you arent going to be serious about protecting the information.


"the wisdom of the wise will perish, the intelligence of the intelligent will vanish."095042938540

Options: ReplyQuote
Re: Virginia Health Database Held For Ransom <-- pwn3d
Posted by: Shadow ()
Date: May 05, 2009 11:10AM

From what I've seen, most large organizations, especially the government, are idiots when it comes to computers. Even those with supposed 'experts' don't have decent protections in place and don't back up the date frequently enough if at all.

Thanks, I'll keep my info myself for now. Then if it gets out, it's my own damn fault.

Options: ReplyQuote
Re: Virginia Health Database Held For Ransom <-- pwn3d
Posted by: pgens ()
Date: May 05, 2009 12:44PM

I get the whole fun of being a l337 h4x0r3z!!!!1!!1! but how do the writers of the ransom notes intend to collect the money even if it was paid?

Options: ReplyQuote
Re: Virginia Health Database Held For Ransom <-- pwn3d
Posted by: ITRADE ()
Date: May 05, 2009 01:57PM

Air drop over Somalia.

Options: ReplyQuote
Re: Virginia Health Database Held For Ransom <-- pwn3d
Posted by: pgens ()
Date: May 05, 2009 02:15PM

lol, maybe so.

Options: ReplyQuote
Re: Virginia Health Database Held For Ransom <-- pwn3d
Posted by: ITRADE ()
Date: May 05, 2009 02:19PM

Perhaps the VDOH can call in the Navy SEALs and they can deal with this issue in a similar fashion.

As always....beware the pink mist.

Options: ReplyQuote
Re: Virginia Health Database Held For Ransom <-- pwn3d
Posted by: DanielLee5 ()
Date: August 04, 2022 05:42AM

How do you like express scripts ?

Options: ReplyQuote


Your Name: 
Your Email (Optional): 
Subject: 
Attach a file
  • No file can be larger than 75 MB
  • All files together cannot be larger than 300 MB
  • 30 more file(s) can be attached to this message
Spam prevention:
Please, enter the code that you see below in the input field. This is for blocking bots that try to post this form automatically.
 **      **  ********  ********         **   *******  
 **  **  **  **        **     **        **  **     ** 
 **  **  **  **        **     **        **  **        
 **  **  **  ******    ********         **  ********  
 **  **  **  **        **         **    **  **     ** 
 **  **  **  **        **         **    **  **     ** 
  ***  ***   ********  **          ******    *******  
This forum powered by Phorum.