Days after a hacker claimed to have broken into a database and encrypted millions of prescription records at the Virginia Department of Health Professions, it remains unclear what happened.
Whistleblower Web site Wikileaks.org last Sunday carried a report from an anonymous poster who said that the secure site for the Virginia DHP Prescription Monitoring Program (PMP) had been broken into by a hacker who made a $10 million ransom demand.
The alleged ransom note posted on the PMP site claimed that the hacker had backed up and encrypted more than 8 million patient records and 35 million prescriptions and then deleted the original data.
The PMP allows pharmacists and health care professionals to track prescription drug abuse, such as incidents of patients who go "doctor-shopping" to find more than one doctor to prescribe narcotics.
The breach at the Virginia health agency highlights the "overall lack of compliance" with HIPAA within the health care sector, said Peter MacKoul, president of HIPAA Solutions LC, a consulting firm in Sugar Land, Texas.
Automated summary from: ComputerWorld
