Hackers claim to have taken Virginians' health data

The claim, now under investigation, could hurt states' efforts to form prescription drug-monitoring systems.

By Pamela Lewis Dolan — Posted May 29, 2009

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

On April 30, a note was posted on the main page of the Virginia Dept. of Health Drug Monitoring Program's Web site from a hacker or hackers who claimed to have the records of more than 8 million patients and 35 million prescriptions.

The hackers claim the data include names, addresses, and Social Security and driver's license numbers, which will be kept private in exchange for $10 million, or otherwise sold.

At least one group thinks the alleged breach is a hoax. But regardless, the incident could hurt efforts to get drug-monitoring program legislation passed in other states.

Sherry Green, executive director of the National Alliance for Model State Drug Laws, which has advised several states that drafted monitoring laws, said she questions whether the data were really stolen but is following the story closely. Also watching, she said, are Missouri and Oregon, which have pending legislation that would create a similar drug-monitoring program, as well as Florida, where legislation recently passed and is awaiting the governor's signature.

If the breach occurred, or is not identified as a hoax before those laws come up for a vote or a signature, the Virginia incident will fuel arguments against the legislation, Green said.

The biggest discrepancy, according to Green, is the number of patients the hackers say they have information on. Referring to 2008 Census numbers, Green pointed out that the state of Virginia doesn't have 8 million people. Additionally, the program does not ask for, nor does it collect, driver's license numbers or Social Security numbers, which the hackers claim to have.

Virginia Gov. Tim Kaine says the state won't pay the ransom money. The Virginia Dept. of Health Professions, which runs the program, hasn't confirmed that the data were stolen, only that the Web site was vandalized.

Sandra Whitley Ryals, director of the department, issued a statement confirming that the unauthorized message was posted on the Web site. She also said federal and state officials, including the FBI and the Virginia Information Technologies Agency, were investigating. The statement went on to say that all data were backed up and that those files have been secured.

Thirty-eight states have laws authorizing a monitoring program, and 33 of those states have programs up and running. The American Medical Association took up the issue of drug monitoring programs at its 2008 Annual Meeting and is in support of the programs as a way of assisting physicians in identifying patients in need of help.

Back to top



Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story

Read story


American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story

Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story

Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story

Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story

Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story

Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story

Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story

  • Stay informed
  • Twitter
  • Facebook
  • RSS
  • LinkedIn