Comments on: Health Records from Government Site Held for $10M Ransom

By: Smith

Smith — Mon, 29 Jun 2009 17:56:08 +0000

Great post, thanx.

By: The Week in Numbers « Next Things First

The Week in Numbers « Next Things First — Fri, 08 May 2009 16:51:46 +0000

[...] Records from Government Site Held for $10M Ransom [Chilmark [...]

By: Scammers target Health Records « 3G Doctor Blog

Scammers target Health Records « 3G Doctor Blog — Wed, 06 May 2009 15:37:16 +0000

[...] More indepth coverage of this can be found at The Washington Post and Chilmark Research. [...]

By: Claudio Luís Vera

Claudio Luís Vera — Wed, 06 May 2009 01:59:24 +0000

If it didn’t affect millions of people, it would be funny in a pathetic way. A state agency sets up a public database, and gets compromised in a data breach.

What’s truly surprising is that even the backup files are being held hostage as well. The hacker behind this not only brought down the database but also every single backup available. The state agency’s site has been for six days (and counting), unable even to restore to last week’s or even last month’s data.

What’s even more shocking is that the news media have buried this story. This should be a huge wakeup call to the vulnerability of government IT systems, potentially to attack by other states or terrorist groups. It’s not just a breach of stolen data, it’s a full-blown attack on a government agency’s ability to function. In my opinion, hat makes it the scariest data breach in the US in recent years.

On a lighter note, here’s a link to the Virginia Data Bandit’s ransom note: http://file.sunshinepress.org:54445/virginia-ransom-2009.html.

Oh, and time’s up tomorrow, May 6th.

By: Virginia Department of Health Professions Breach: Extortion Demand Regarding 8M Patient Records and 35M Prescriptions | Public Healthcare Promotion

Tue, 05 May 2009 21:56:24 +0000

[...] At the bottom of his follow up post, John Chilmark asks the question: “Now the question is, under HIPAA, does the VDHP have to [...]

By: Bob Coffield

Bob Coffield — Tue, 05 May 2009 20:00:52 +0000

John, Thanks for the follow up post on the alleged data breach involving records at the Virginia Department of Health Professions. I noticed your question at the end of your post and thought I would provide you with a quick analysis of my thoughts on the requirements for breach notification under federal and state law. I added a "update" at the bottom of my original post on the situation.