Tag Archives: hackers

Covering cybersecurity as breaking news and a long-term health care story

Rebecca Vesely

About Rebecca Vesely

Rebecca Vesely is AHCJ's topic leader on health information technology and a freelance writer. She has written about health, science and medicine for AFP, the Bay Area News Group, Modern Healthcare, Wired, Scientific American online and many other news outlets.

Photo: Marcie Casas via Flickr

Photo: Marcie Casas via Flickr

Cyberattacks on hospitals and health insurers have become a regular occurrence – and breaking news in communities where the breaches take place.

A new tip sheet on health care cybersecurity seeks to help reporters who find themselves covering a cyberattack at their local hospital, medical group or health plan. Typically, the attacked entity will issue a press release with the number of affected patients, approximate date of the attack and response. Continue reading

Hackers hold Va. prescription database hostage

Scott Hensley

About Scott Hensley

Scott Hensley runs NPR's online health channel, Shots. Previously he was the founding editor of The Wall Street Journal's Health Blog and covered the drug industry and the Human Genome Project for the Journal. Hensley serves on AHCJ's board of directors. You can follow him at @ScottHensley.

Some very nasty folks disabled a Virginia state Web site containing confidential prescription information, reportedly deleting more than 8 million patient records from a database used by pharmacists to combat drug abuse.

Illustration by d70focus via Flickr.com

Illustration by d70focus via Flickr.com

The bad guys want $10 million to restore the data. Let’s hope somebody made a backup.

The hackers apparently struck the Virginia Department of Health Professions last week, trashing a secure site for the Virginia Prescription Monitoring Program. Brian Krebs of The Washington Post’s blog Security Fix has the story.

The department’s site is still having trouble. But you can find out how the monitoring program worked by reading this 2004 report, hosted on a Wisconsin server that’s still chugging along.

A report on the break-in and the $10 million ransom demand was first posted on Wikileaks.org.

State and federal official have opened criminal investigations, the Post reported. Neither the Virginia department nor the FBI would comment on details of the hackers’ claims or the status of investigations, the Post wrote.

Thomas Claburn of Information Week writes:

Extortion demands of this sort have become relatively common in data breach cases. Last October, for instance, Express Scripts, a prescription drug management company based in St. Louis, received a letter that threatened the release of millions of patient records.

According to Claburn, the technique of capturing data, encrypting it, then selling access to the former owner has become popular enough to earn its own name: cryptoviral extortion.

Computerworld reports that just last week the former information technology director for LifeGift, a nonprofit organ and tissue donation center that is the sole provider of organ procurement services for more than 200 Texas hospitals, pleaded guilty to a charge that she broke into the organization’s computer network and deleted organ donation database records, invoice files, and database and accounting software — and the backup files  — according to the U.S. Department of Justice.