Wikileaks is reported to have published a copy of the ransom note (please pardon the grammar and language in the original): "I have your [expletive] in *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh 🙁 For $10 million, I will gladly send along the password." Neither the Wikileaks site nor the Virginia site is not accessible as I write this. A spokesman for the FBI’s Richmond, Virginia office said today that the agency was investigating a referral from the Virginia Information Technologies Agency. Assuming this breach is real, it carries with it a certain amount of irony, in that encryption is being used as part of the extortion plot. Could this breach have been prevented? It is also hard to believe that hackers would be able to access the backup files as well. There are more questions than answers at this point, but there will surely be lessons to be learned.
Copyright © 2020, Foley Hoag LLP. All rights reserved.