Big government once again screws up health care and creates more trouble than it solves:
Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file.
Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records:
"I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."
The site, along with a number of other Web pages related to Virginia Department of Health Professions, remains unreachable at this time. Sandra Whitley Ryals, director of Virginia's Department of Health Professions, declined to discuss details of the hacker's claims, and referred inquires to the FBI.
It's refreshing to see that the Virginia state government takes quality of service and uptime so seriously. They could have gone the primitive route of having the backups stored in a locked facility on DVDs burned nightly or backup tapes, but they took the modern route which is have the backups on hot standby on the same network! Good for them! They really shouldn't be blamed for making it so easy for a hacker to delete their backups and encrypt their main database. The convenience of having the backups so close to the live database was just too good to pass up!
My heart goes out to the nannystaters and drug warriors who ran this database. It's not your fault that my personal information is now in the hands of a malcontent who wants to rape my credit score like a school girl at a bukkake festival. Your tireless work to save me from my very competent primary care physician who has never prescribed the wrong medicine, let alone pain killers, was necessary to keep me from overmedicating. The only way you could keep people like me safe was to have a constantly updated database with which you could track all of Virginia's doctors and their nefarious peddling of drugs, especially to pain patients who really don't need huge amounts of drugs after years of taking pain killers. It was bound to happen, but what matters is you kept us safe. Physically. Financially, I'm feeling a mite exposed and violated, but that's a small price to pay for making sure that doctors don't make human mistakes or show compassion to chronic pain patients.
i hope they don't pay anything or recover the records. I don't have a dog in that fight, not having filled a prescription in many years. But it seems good that such a database is now out of the hands of those who would misuse it (the state).
In fact, I would be willing to pay hackers about $40 per year to do this kind of thing to other government databases (IRS, BATF, State agencies, etc). I would consider it just anouther part of safe computing package like firewals, anti-spyware and anti-virus. This guy was doing a public service by taking the records, I hope he loses the password.
Were it not for the prospect that I could become a victim of indentity theft because of this, I would wholeheartedly agree with your assessment. In fact, I would gladly pay a monthly subscription to have hackers take this sort of information out of the governments' hands and destroy it.
Here's to hoping that he loses the password.
I think American law on Identity theft is 100% wrong. Rationally, there is no such thing as identity theft. Someone cannot steal your identity because you always have it.
What we really have is fraud. When someone takes out a loan using your name, they defraud the bank, not you. That is between them and the bank. The bank is the victim, not you. But under American law, you become the victim. so the legal system and thebanks become co-conspriators with the thief to defraud you. The laws should be written to automatically exclude you and make you whole from losses in such cases. The bank is at fault for giving money to someone they could not identify with certainty. You were not even involved until the bank charged you for their losses.
I completely agree with that. In fact, my preference has been for a while to see the law changed such that not only are the banks 100% liable, but that they cannot even legally offer to sign up new accounts by mail without a notary.
If banks were 100% liable, you would not need a law restricting internet and by-mail loan applications. They would do it themselves to mitigate their own risk.
In principle, I agree. I think that such a law would only be necessary if, after 5-10 years, they didn't voluntarily start making those changes. Considering the awesome display of stupidity by the banks over the last decade, I don't give them much credit for intelligence and self-preservation.
I had my ID stolen a few years ago - the person made a fairly accurate forgery of my drivers license. Fortunately he didn't try to open any accounts so the damage to me was minimal.
The justice system did much worse to me when they tried to prosecute him - I was subpoenaed to several hearings and, even though the guy was in jail, they couldn't seem to get him to the courtroom on the day of each hearing.
Eventually they decided to drop the prosecution against him (after I had to get out of work for 4 hearings). I told them to drop the charges at the first hearing because he was in prison on drug and firearm charges and stealing my ID was only considered a misdomeaner (because he didn't use the ID to steal money).
2 years later I got a letter telling me that I should change my driver's license because it had been copied. (I probably could have changed it sooner but I'm sure it would have cost me money)
Seriously, other than the threat of identity theft/fraud, how is this database disappearing going to hurt the average joe?? I say BRAVO!