[UPDATED - Please scroll down]
[Welcome Industry Radar readers!]
On the one hand, EMR (electronic medical records) promises convenience and efficiency. Having one's records easily accessible by one's provider saves both parties time, and can help avoid potentially dangerous medication interaction problems.
On the other hand, one's data is only as convenient and safe as the holder of that data makes it. In Virginia, for example, the state has set up a website for licensed pharmacists to track potential prescription drug abuse. Unfortunately, the firewall protecting this sensitive information wasn't as effective as they might have believed: hackers broke into the system, deleting "records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records."
The news item is based on a Wikileaks entry that claims to include a copy of the ransom note. It's hard to verify that, since it's just text, not a picture of the note itself. Naturally skeptical, I clicked on over to the Virginia Department of Health's website, hoping to find either confirmation or denial. Unfortunately, this is what I found at the top of the relevant page:
Ooops.
While this kind of news makes interesting, and perhaps important, blog fodder, I can't in good conscience comment as if this is fact. We'll continue to follow this, updating and expanding on this post.
[Hat Tip: Holly Robinson]
5/6/09: New information is coming online about this bizarre situation. According to Fox News:
The Prescription Monitoring Program discussed in the original post is still offline, which is causing even more speculation, but which may be indicative of a simple server crash. According to the news story, though, a spokescritter with the Virginia Department of Health claims that the "Prescription Monitoring Program Web site is now secure," although there's nothing to corroborate (or refute) her statement.
Since we have only the hacker's word that the data was breached, I'd prefer not to speculate, but we'll keep our readers posted.
5/7/09: It appears that the site is now back online. According to a statement from the Director of the Department of Health Professions, "A criminal investigation is currently underway regarding a potential security breach of the Virginia Department of Health Profession’s (DHP) Prescription Monitoring Program on Thursday, April 30. While DHP cannot comment directly on an ongoing investigation, we can assure the public that all precautions are being taken for DHP operations to continue safely and securely " [emphasis added]
Gee, that must be comforting to those allegedly affected by recent events.