VIRGINIA

Hard Questions In Wake of Reputed Health Data Theft

Program Official Defends Safeguards

Washington Post Staff Writer
Wednesday, May 13, 2009

RICHMOND, May 12 -- Legislators had sharp questions for state officials Tuesday about how hackers stole millions of personal pharmaceutical records from a prescription drug database that was supposed to be secure.

"It doesn't sound like the proper firewalls, the proper backing up, the proper security measures were in place at the time," said Del. Joe T. May (R-Loudoun), who chairs the Joint Commission on Technology and Science. "The question is . . . why weren't they?"

The pointed questions came at a House Appropriations Committee meeting almost two weeks after hackers claimed to have taken 8 million patient records and 35 million prescriptions collected by the Prescription Monitoring Program. The hackers then attempted to blackmail the state, threatening to sell the data if they did not receive $10 million last week.

Pat Paquette, technology director for the Department of Health Professions, defended the agency and its security measures.

"Those things were in place, have always been in place," she told the lawmakers.

The state has a multimillion-dollar contract with Northrop Grumman to update its computers to include better security, she said. The upgrades at the Department of Health Professions are expected to be completed in August.

The FBI, along with the U.S. attorney's office and Virginia State Police, is conducting an investigation into the alleged theft.

"It's like looking for a needle in a haystack, but they do have the ability to find the needle and they will," said Marilyn Tavenner, secretary of health and human resources.

It's unclear whether the hackers followed through on their threat -- the deadline for the state to pay up passed last week. Tavenner said the state has yet to verify that the hackers actually succeeded in stealing patient records, as they have claimed. If the theft is real, it would be among the most serious cybercrimes the state has ever faced.

"I don't think this is the last time we are going to see something like this happening," Del. L. Scott Lingamfelter (R-Prince William) said. "I have some question as to whether there is a comprehensive approach to cyber security in the commonwealth."

Lingamfelter, who suggested that the hackers could be cyber-terrorists, called for a "top-down review." Other legislators and privacy advocates are questioning whether the database is needed in the first place.

The database was designed to help doctors and pharmacies track powerful narcotics and painkillers to reduce the abuse, theft and illegal sale of the controlled substances sold under labels that include OxyContin and Vicodin.


© 2009 The Washington Post Company