Wikileaks & Virginia’s Prescription Monitoring Program
Security leaks continue to make the news. The truth is that I don’t even have to go looking for them; they just seem to keep popping up on an almost daily basis. This week’s security breach was released by Wikileaks. Many of you may never have heard of Wikileaks before this week. It is a site that is somewhat like Wikipedia in that it serves as an online dictionary; Wikileaks serves to expose information and reveal unethical behavior in governments and corporations. The site’s earlier claim to fame came during the 2008 U.S. presidential campaign, when Wikileaks exposed the hacker attack on vice presidential candidate Sarah Palin’s Yahoo email account. This week’s exposure is much more alarming.
On Thursday, April 30, Wikileaks reported that the secure site for the Virginia Prescription Monitoring Program (PMP) was replaced with a $10M ransom demand that bluntly stated, “In my possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions…For $10 million, I will gladly send along the password…If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid…”
The Virginia state police and FBI would like to find the person (or people) who left the note on the state’s web site. The Virginia Prescription Monitoring Program site is used by doctors and law enforcement officials to monitor prescription drugs and strong narcotics. While the state’s site is still down as a result of the breach, very little has been confirmed or denied by the state of Virginia.
We can only hope that there are no more security breaches this year, but at best this would be wishful thinking. According to a Washington Post interview with Alan Paller, director of research for the SANS Institute, attacks like these are common but rarely make the news, because some companies actually pay to keep such attacks quiet.
I know how hard it is for working security professionals to meet each day’s challenges, but the stakes are high should we fail at our tasks.
From Michael Gregg