Click here Internet.com - The Network for Technology Professionals * IT Professionals + IT Management + CIO Update + Security + Storage + Server + Networking + Small Business + Enterprise Applications + Database + Mobile + IT News * Developers + Architect / Enterprise + General Development / OS + Java Development / OS + Microsoft Technology + PHP Development + Web Development * Solutions + HotList + Video * eBook Library * Webopedia * Login + Manage My Profile * Register Click here [logo.gif] REALTIME IT NEWS Blogs | 7 Day Summary | JustTechJobs Click here __________________________________ Find * * Hardware * * Software * * Mobility * * Web Content * * Search * * Government * * Developer * * Business * * Storage * * E-Commerce * * Networking * * Security + * * Commentary * Newslinx Click here * Blogs * Most Popular * Hot Topics * Opinion [forums_bullet.gif] Firefox 5 gets speedy (not SPDY) [forums_bullet.gif] Adobe AIR ditches Linux users [forums_bullet.gif] Fedora 13 nears end of life [forums_bullet.gif] Mozilla launches MemShrink effort to improve Firefox memory use [forums_bullet.gif] Where is Linux on IPv6 Day? [forums_bullet.gif] CSS 2.1 finally a standard just in time for CSS 3 [forums_bullet.gif] VLC 1.1.10 updates open source media player for security [forums_bullet.gif] Oracle gives OpenOffice to Apache - What a Terrible move. [forums_bullet.gif] Firefox 6 shows 'progress' [forums_bullet.gif] Red Hat Enterprise Linux 5.7 adds OpenSCAP [ More ] [forums_bullet.gif] Say What? Top Five IT Quotes of the Week [forums_bullet.gif] Has Linux Missed the IPv6 Day Train? [forums_bullet.gif] Mozilla Aims to Reduce Firefox Memory Use [forums_bullet.gif] Microsoft Loses Supreme Court Patent Case [forums_bullet.gif] Windows Phone to Beat Apple iOS in 2015 [forums_bullet.gif] Wireshark Moves Forward at Riverbed [forums_bullet.gif] Avaya Set to Go Public, Again [forums_bullet.gif] Google's Chrome 12 Debuts [forums_bullet.gif] Adobe Set to Auto-Update Acrobat and Reader [forums_bullet.gif] Microsoft's Office 365 Coming to BlackBerry, PlayBook [forums_bullet.gif] The Browser Wars Return [forums_bullet.gif] The Rise of the iPhone [forums_bullet.gif] Cybersecurity [forums_bullet.gif] Android The Giant? [forums_bullet.gif] Making Money Off The Social Web [forums_bullet.gif] Here Come the iPhone Apps [forums_bullet.gif] The Competitive Mobile Landscape [forums_bullet.gif] Politics And Web 2.0 [forums_bullet.gif] Yahoo Looks Ahead [forums_bullet.gif] A New Era For Microsoft [ More ] Looking at the Advantages of a True Saas Solution As demand for cloud services grows, many established vendors are selling old wares as new. [forums_bullet.gif] No Quick Fix for Storage Management Woes [forums_bullet.gif] Why 'Mobile' Is on the Way Out [forums_bullet.gif] IDC and Gartner Look at Cloud From Two Sides [forums_bullet.gif] Where's Microsoft's Enterprise Tablet Offering? [forums_bullet.gif] If You're Online, You're Working for Google [forums_bullet.gif] Why We Need a Real iPad Killer, Fast [forums_bullet.gif] How 'Unemployable' Are U.S. IT Pros Really? [forums_bullet.gif] HP's Unix OS Gets an Overhaul [forums_bullet.gif] Is Google About to Get Lawyerbombed? [ More ] Click here Click here * Subscribe * Learn More * Stats * Contact Staff Select a newsletter and click Join to sign up! GO [_] IT News Daily [_] InternetNews Business Report [twitter.jpg] Follow Us On Twitter InternetNews.com Podcast [podcast.png] InternetNews.com Channel XML/RSS Feeds InternetNews.com rss rss IT Business News rss rss Developer News rss rss Ecommerce News rss rss Software IT News rss rss Hardware IT News rss rss Government News rss rss Search News rss rss Enterprise IT Planet News rss rss Networking News rss rss IT Security News rss rss Storage News rss rss Mobility News rss rss Web Content News rss rss Internet Stats rss rss Linux Today rss rss Click a Topic to Expand The Social Web The New Idiot Box Feeling the Need for RSS Feeds RSS Scorecard Apple vs. Bloggers Enterprise Web 2.0 Politics And Web 2.0 Web Services Management Web services: Evolution or Revolution Making Money Off The Social Web The Lure of The Social Network The Privacy of Social Networking My Grand Google Obsession Coding Google's Future Google Fun in The Summer Google Pushes Apps Google's Data Ambitions Google's IPO Google's Way With Words Google, Opponents Square Off in DoubleClick Bid Microsoft's Past Present And Future The Vista Ripple Effect A New Era For Microsoft Eolas, Microsoft Duke it Out over ActiveX Microsoft Preps Security Makeover for XP Microsoft's Security Challenge Microsoft's Storage Ambitions Microsoft, AOL Become Partners Microsoft/Yahoo: Can It Work? Sun, Microsoft Bandage Old Wounds The Next Microsoft Era Truth Time at Microsoft's PDC XML, Microsoft Threaten Adobe's PDF Format Will Office 2003 Change Everything? Mobile Universe Motorola in Trouble City-Wide Wi-Fi Connected in The Windy City Ultrawideband in the Home Wi-Fi's Hotspots CTIA in The Big Easy Technology, Policy and Politics 3G at Home and Abroad The Competitive Mobile Landscape CTIA: A Wireless World in Sin City Gadget Fest: CTIA Wireless 2008 Wireless Policy in Washington Cradle to Grave Information Management Disaster Recovery and Continuity The Storage Compliance Boom Compliance, Regulation And Storage Calling all Clusters, Supercomputers Betting on BPM Database Software Continues to Evolve Tech's Legal Battles Google in Court RIM Has Patent Issues Microsoft In Court Technology in the Courts End of the IE Antitrust Case Microsoft's Legal Struggles The AMD/Intel Antitrust Showdown A Patent Battle on eBay Territory Google, Microsoft and Yahoo's Three-Way Search Battle Calling Net Neutrality Microsoft's EU Blues Vonage on The Patent Hot Seat Platforms and New Packages VMware and the Virtualization Craze Virtualization for All SOAs in The Enterprise Application Server Biz on the Rebound Curtain Drawn on Windows Server 2003 SaaS in The Market Struggling to Stay Atop the Server Market Web Standards Bodies Fight for Freedom Open Source Ecosystem Microsoft: Loosening the Grip on Source Showcasing Java Sun a 'Tiger' at JavaOne The Future of Java GPL: Software Freedom Redefined Linux in the Enterprise Linux on the Desktop LinuxWorld 04: A More Mature Tux LinuxWorld Storms San Francisco LinuxWorld Takes Boston LinuxWorld by the Bay Oracle's Linux Realm SCO Declares War on Linux The Growth of Open Source Storage The Linux Kernel Novell, Microsoft in Open Dance Open Source Open for Business Open-source Databases Gathering Steam Oracle Plants Flag at OpenWorld 2006 Evolution of Search Competing for the Search Lead Enterprise Search Ready for Prime Time Mobile Search Takes Flight Racing To Dominate Desktop Search Search And Censorship Search Engine Optimization Search Meets Mapping Thinner Slices of The Paid Search Pie Dell Surges Higher in PC Market Share [March 11, 2011] Acer dropped down to third place behind Dell in the latest report from HIS iSuppli. How did the growth of media tablet sales impact the results? Why do SMBs Love Virtual Offices? [March 10, 2011] Survey details some of key reasons small-to-midsize business owners, CEOs and sales managers regularly leverage virtual office capabilities. Data Breach Recovery Getting More Expensive [March 9, 2011] Report says the cost enterprises have to pay to fix security and restore operations after a data breach continue to grow. Android Tops RIM, Apple in Mobile OS Share [March 8, 2011] Google's mobile operating system Android is crowned king of the U.S. mobile market for the first time by comScore. [ More Stats ] [ln_top3.gif] Partner With Us Click here Click here Click here Click here InternetNews.com >> Security Virginia State Health Data Held Hostage for $10M UPDATED: The state of Virginia received a ransom note demanding cash for medical records and threatening to sell personal data on the criminal market. [emailsm.gif] [print.gif] [commentsm.gif] [blog.gif] Share this Article [digg.gif] Digg [del.gif] Del.icio.us [icon_vinelink.gif] Newsvine [facebook.gif] Facebook [google.gif] Google [icon_linkedin.gif] LinkedIn [icon_myspace.jpg] MySpace [icon_redit.png] Reddit [slashdot_icon.jpg] Slashdot [stumbleit.gif] StumbleUpon [technorati.gif] Technorati [icon_twitter.gif] Twitter [icon_windowslive.gif] Windows Live [icon_yahoo.gif] YahooBuzz [icon_friendfeed.png] FriendFeed Print this Article Comment on this article Email this Article May 7, 2009 By Alex Goldman: [text.gif] More stories by this author: data breach Although advocates agree that healthcare IT will improve service and save money, they worry about the privacy implications. Those fears were brought home with a breach in the state of Virginia. A hacker last week claimed to have seized 8,257,378 patient records and a total of 35,548,087 prescriptions from the Prescription Monitoring Program (PMP) of Virginia.gov, a service that helps the state and medical professionals track prescription drug abuse. The April 30 breach also resulted in the PMP Web site's front page being defaced by a message from the hacker, which appeared on Wikileaks. In the message, the hacker demanded $10 million for access to the records -- which he or she claimed were the only available copies -- and said that if the state didn't comply by today, the records would be sold to the highest bidder. "Now I don't know what all this s--t is worth or who would pay for it, but I'm bettin' someone will," the hacker wrote. "Hell, if I can't move the prescription data at the very least I can find a buyer for the personal data (name, age, address, social security #, driver's license #)." [callout4-top.gif] If ... you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid. [callout4-bot.gif] State officials confirmed the attack and pledged to do everything possible to solve the crime. "A criminal investigation is currently underway regarding a potential security breach," Sandra Whitley Ryals, director of the Virginia Department of Health Professions (DHP), said in a statement. "While DHP cannot comment directly on an ongoing investigation, we can assure the public that all precautions are being taken for DHP operations to continue safely and securely." Virginia Gov. Tim Kaine told a local TV news network yesterday that the state would use the episode as a learning exercise. RELATED ARTICLES [forums_bullet.gif] ID Theft Threat Grows With 1M Already Hit in '09 [forums_bullet.gif] Software Industry Wants Wider Role in U.S. Policy [forums_bullet.gif] IBM's Shot in the Arm for Google Health Tech [forums_bullet.gif] Laptop Theft Loses 1M Social Security Numbers [forums_bullet.gif] Feds Fight to Plug Security Holes For more stories on this topic: ____________________ GO Officials have not yet said how the breach occurred. They did say that they found "an unauthorized message on the Web site," which they're studying for clues. They also said that they've taken further steps to prevent additional damage. "The entire DHP system has been shut down since Thursday to protect the security of the program data," Ryals said. She added that the Virginia Information Technologies Agency (VITA) and Virginia State Police have been notified. In the absence of specific information about the breach, experts were left to speculate as to its cause -- and how the state might have better protected itself. "There are several things organizations can do to ensure protection at all levels and safeguard information from individuals outside and inside an organization," Tim Brown, security software architect at CA, said in an e-mail to InternetNews.com. LATEST NEWS [forums_bullet.gif] ActiveState Expands Perl Cloud Tech [forums_bullet.gif] Varnish Cache 3.0 Gets Modular [forums_bullet.gif] Adobe Set to Auto-Update Acrobat and Reader [forums_bullet.gif] How Cisco's CIO Measures IT [forums_bullet.gif] Hitachi to Offer Turnkey Private Cloud Solutions "An obvious line of defense to protect a system from a hacker attack is to make sure all computers with browsers have the latest patches," he said. "Firewalls, antivirus, intrusion detection and other layers of security protection also will likely stop the malware before it infects your network." Since the hacker claims to have the only copies of the data, Brown said that a review of data archiving policies may be in order. "It is also important to ensure your sensitive data is regularly backed up and kept in offsite storage," he said. "You also can protect the systems and applications by limiting privileged access to only those who need to have access. You can do this with role models. Data loss prevention (DLP) technology also helps you identify sensitive information and take appropriate action when data is stored in inappropriate areas, e-mailed or saved." He said that an audit process is required. "Regular audits to recertify access and track usage of sensitive data are needed for continuous security and compliance," he said. Deadline nears Meanwhile, the clock is ticking on the hacker's ransom demands. "If by the end of 7 days, you decide not to pony up, I'll go ahead and put this baby out on the market and accept the highest bid," the hacker wrote in their April 30 message. Special Report Breaching Your Data Security and data breaches Information stored in databases, PCs, modile devices and online services are all up for grabs when it comes to today's sophisticated cybercriminals. While lawmakers debate how to respond, the industry is busily trying to come up with its own solutions to fight back. Virginia state authorities have not yet said how they will respond, and did not return requests for additional comment. The news comes amid increasing interest in -- and scrutiny for -- health IT initiatives. The White House, for one, is in the process of launching major health care initiatives that hinge heavily on IT efforts. Leading the executive branch's healthcare IT initiative will be one of the many tasks of the new federal CTO, Aneesh Chopra, formerly the secretary of technology of the state of Virginia. Nor is it clear whether Virginia residents affected by the breach need to be notified. One healthcare legal blogger wrote that although the Commonwealth of Virginia might not be obligated by law to inform those affected, it would be a good idea. "When I have assisted clients with these types of data breach situations in the past, I typically discuss with the client whether it is good practice to provide notification," wrote Bob Coffield of Flaherty, Sensabaugh & Bonasso. Ryals acknowledged the issue. "As the criminal investigation permits, we will be sharing additional details in the coming days on the agency's website including questions and answers for concerned program participants," she said. Update adds comments from Ryals and Brown. TAGS: privacy, security, government, cyber crime, Health IT [emailsm.gif] [print.gif] [commentsm.gif] [blog.gif] Share this Article [digg.gif] Digg [del.gif] Del.icio.us [icon_vinelink.gif] Newsvine [facebook.gif] Facebook [google.gif] Google [icon_linkedin.gif] LinkedIn [icon_myspace.jpg] MySpace [icon_redit.png] Reddit [slashdot_icon.jpg] Slashdot [stumbleit.gif] StumbleUpon [technorati.gif] Technorati [icon_twitter.gif] Twitter [icon_windowslive.gif] Windows Live [icon_yahoo.gif] YahooBuzz [icon_friendfeed.png] FriendFeed Print this Article Comment on this article Email this Article Security Archives | 7 Day InternetNews Summary | Contact Alex Goldman | Back to top Add internetnews.com to your browser search box. IE 7 | Firefox 2.0 | Firefox 1.5.x Receive news via our XML/RSS: feed Click here Click here More InternetNews.com Hardware Software Mobility Web Content * Microsoft ARMs Windows * AMD Q1 Revenues Hold Steady * Dell Expands Servers and Storage for SMBs * Apple iOS 5 Updated Over the Air * LibreOffice Moves Forward without Apache * Heroku Ruby Devs Get Xeround Database * Opera Browser Updated for Apple iOS * Windows Phone 7 Boasts 500 New Features * Google Android Now the Smartphone Leader * Facebook's Open Compute - Good for IT? * Windows 8 to Feature Office-like Ribbon? * Say What? Top Five IT Quotes of the Week Search Government Developer Business * Yahoo Tops Estimates But Sales Slip 4 Percent * CEO Shakeup at Google, Q4 Earnings Soar * Microsoft Retooling Bing Search Engine * ICANN To Vote on .XXX Domain * Online Privacy Debate Heats Up - Week in Preview Podcast March, 14, 2011 * Say What? Top Five IT Quotes of the Week * Has Linux Missed the IPv6 Day Train? * W3C Finalizes CSS 2.1 Standard * IBM Aims to Improve Dev Collaboration * Windows Phone to Beat Apple iOS in 2015 * Avaya Set to Go Public, Again * Say What? Top Five IT Quotes of the Week Storage E-Commerce Networking Security * Do Unified Data Center Products Mean Lock-in? * Oracle Refreshes Content Management Suite * Cisco Tailors Network Storage for Small Business * IBM Helps Commerce Companies Get Smarter * Facebook to Offer Online Group Discounts * One Pass More Profitable for Publishers? * Ericsson Acquiring Telcordia for $1.15 Billion * Wireshark Moves Forward at Riverbed * Silver Peak Aims For Peak WAN Optimization * Google's Chrome 12 Debuts * Adobe Patches Zero Day XSS Flash Flaw * What Triggered the Sony PSN Attack? JustTechJobs.com New Openings [rss.gif] Technical Operations Team Lead (UT) Web Project Tech Lead (UT) Investment Trading Application Developer Sr (UT) Credit Technology Developer (UT) Network Engineer (IL) C++ Team Lead, Legal and Compliance (IL) Search all Jobs » Post Your Job » Internet.com The Network for Technology Professionals Search: _____________________________________________ Find About Internet.com Copyright 2010 QuinStreet Inc. All Rights Reserved. Legal Notices, Licensing, Permissions, Privacy Policy. Advertise | Newsletters | E-mail Offers Solutions Whitepapers and eBooks Microsoft Visual Studio 2010 Articles and Resources PHP for Windows Showcase MORE WHITEPAPERS, EBOOKS, AND ARTICLES Webcasts Learn to Create a Location-Aware Webpage Video: Cloud Computing Security and Privacy Challenges MORE WEBCASTS, PODCASTS, AND VIDEOS Downloads and eKits Free Trial: Experience a 24% Average Increase in Website Sales. Try VeriSign Seal Today. HTML Goodies HTML5 Development Center Take Visual Studio 2010 For a Test Drive Download Microsoft Office Professional Plus 2010 MORE DOWNLOADS, EKITS, AND FREE TRIALS Tutorials and Demos Building a Facebook Marketing App on Azure RIA Development Articles and Resources Internet.com Hot List: Get the Inside Scoop on IT and Developer Products MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES