Hampton Roads, VA - 11/08/2009

Hacker claims to have stolen Virginians' prescription records

Posted to: Health and Medicine News Virginia

A week after a hacker claimed to have stolen sensitive patient information from a Virginia Web site that tracks prescription drug use, state officials say they don’t know whether the information was compromised.

Officials confirmed Wednesday that an unauthorized message was posted on the Prescription Monitoring Program Web site last Thursday. According to WikiLeaks, an open-government Web site, the message was a ransom note claiming that the entire database, containing more than 35 million prescription records, had been stolen by a hacker.

The hacker claimed to have deleted the original database and created an encrypted backup copy.

“For $10 million, I will gladly send along the password,” the message read. “You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid.”

The hacker included an e-mail address with the user name “hackingforprofit.”

The FBI and the State Police are investigating. The Web site, operated by the state Department of Health Professions, has been shut down since last week for security reasons.

The Prescription Monitoring Program collects information about every prescription for certain federally controlled drugs dispensed by Virginia pharmacies. The list includes drugs with a high risk of abuse, such as morphine, OxyContin and Ritalin.

The database was set up as a pilot program in southwestern Virginia in 2003 and expanded statewide in 2006. Its purpose is to combat drug abuse by allowing health professionals to track prescriptions.

Access to the database is restricted to about 2,500 registered users, mostly doctors and pharmacists.

Emily Wingfield, chief deputy director of the Department of Health Professions, said the database contained 31.3 million prescription records as of Jan. 1 and about 1 million records are added every month. That lends some credibility to the hacker’s claim to have obtained more than 35 million prescription records.

Less credible, however, was a threat to disseminate personal data from the records such as Social Security and driver’s license numbers. That kind of information is not included in the database, nor is information about patients’ medical history.

The records contain the recipient’s name, address and date of birth, the name and quantity of the drug prescribed, the date, and identifying numbers for the prescriber and dispenser.

Sandra Whitley Ryals, director of the Department of Health Professions, said she was satisfied that all the data were properly backed up and that the backup files are secure.

Gov. Timothy M. Kaine said that if it is determined that Virginians’ personal information has been compromised, those affected will be notified. The notification may not be immediate, he added, because he doesn’t want to do anything to inhibit the investigation.

“This was an intentional criminal act against the commonwealth by somebody who was trying to harm others,” Kaine said. “Right now, our goal is to make sure that the investigation and criminal process works so that the person who is responsible is caught and prosecuted.”

Maintaining the security of data held by the state is a daily challenge, said Peggy Ward, Virginia’s chief information security officer.

“We keep building better controls, and criminals keep finding ways of getting around them,” she said. “Then we build better controls and they do it again.”

From July 2007 to September 2008, state officials reported 93 “information security incidents.” Of those, 30 were classified as the use of malicious software to modify or obtain state information.

Officials said it is unlikely that information from the prescription database could be used for identity theft.

Nevertheless, they recommended that Virginians covered by the database “remain vigilant” for the next year or two, checking their bank accounts and credit reports for signs that their information is being misused.

The most likely danger is public embarrassment, said Jay Levine, a pharmacist at Atrium Pharmacy in Norfolk.

“The people who should be worried are politicians and people like that who don’t want information getting out about what drugs they’re on,” he said.

Bill Sizemore, (757) 446-2276, bill.sizemore@pilotonline.com

Julian Walker, (804) 697-1564, julian.walker@pilotonline.com



ADVISORY: Users are solely responsible for opinions they post here and for following agreed-upon rules of civility. Comments do not reflect the views of The Virginian-Pilot or its Web sites. Comments are automatically checked for inappropriate language, but readers might find some comments offensive or inaccurate. If you believe a comment violates our rules, click the "Report Violation" link below the comment.

computer security

Looks like another VITA/NG issue again. This partnership has wasted more tax money than is known. And now they cannot even provide basic computer security to guard the public's information. This added to the sorry equipment that we are issued, the networks that were slowed down from 1000 KBPS to 100 KBPS, the lack of and sorry tech support, and uncaring attitude of state officials all make this worse. I hope that someone finds a way to sue VITA/NG if their information is used. Instead of paying the ransom, VITA/NG should offer the hacker a job. He is obviously better than their employees. Our agency just lost two good computer techs because VITA/NG made their job impossible. They could not even answer a simple question from us without having to create a trouble ticket so that we could be charged for it. Focus more on the computer issue here than the fact that the list exists.

Sounds like a long overdue program to me.

While it is unfortunate that the security of the database may have been compromised, I think this program is great! Doctors prescribe painkillers left and right, but there is nowhere to turn if you become addicted. I know many patients (my husband included) who have become addicted and began doctor shopping when their primary doctor was clueless about detox. Doctors have become legal drug dealers for many patients whether they are aware or not. A program like this holds doctors responsible for over-prescribing medications as well as gives them the knowledge they need to identify an addict. I hope this program is expanded to the national level!

Drug users

It would only be embarrassing if you didn't actually need the drugs you take. Everybody uses some type of drugs these days. Some of us just choose ones that grow naturally from mother earth.

Stolen Prescription Records

Not a good thing to read about...

This didn't register...

"database “remain vigilant” for the next year or two, checking their bank accounts and credit reports for signs that their information is being misused"

This, to me, means anyone who's had any type of pain prescription filled in this State. For all I know it may be every prescription we have filled.

Furthermore, the more I think about this database the angrier I become. What right has some agency got collecting our personal prescription data? If they want to know what we get from our docs they can ask.

Just wait until obumbler enacts government healthcare. Instead of insurance companies telling people what they can and cannot have there'll be inept government bean counters telling us.

I had read the story....Have you?

Per my understanding of the story: The hacker claims to have copied the database to her/his computer and deleted the original and the back-up from the DHP's system.

So did she/he do it or not?

Also: Can the Citizens of the Commonwealth file a class action HIPAA lawsuit against DHP? Obviously this sensitive Protected Health Information was not properly safeguarded. Let's get some gainful employment for those lawyers who have fallen on tough times.

This Guy

This guy must be pretty clever to be able to not get caught!!

thecommentdepot.com

Imagine an employer going on

Imagine an employer going on line and looking at an applicant's pharmacy record. Is the person being treated for depression, do they have a heart condition, are they arthritic? It is easy to determine from what medications you are taking what your medical history is. With the push towards electronic medical records and the push to transfer data to different points the risk of this happening again is great.

What would happen if a hacker got into a medical data base with malicious intent? Changing medical orders or prescriptions or altering medical histories. This is a very serious issue.

really people? really?

let's put away the tinfoil hats for a minute and take a moment. PII risks are serious, but we don't know if the data has been compromised. we also don't know what exactly that data might be if it was. there is a plethora of information online about reducing your risk of 'identity theft'. your biggest risk would come from your own trash can. until the random threat and extortion from the internet is substantiated it's not time to circle the wagons.

Additions to the list (part 2)

(Sorry - my previous post was truncated - here is the rest)

Or, how about the Virginian-Pilot reporters who end an article on such an important topic with such an insulting comment. As a long-term-subscriber, I recommend they ought to worry about that.

By the way, one concrete piece of information that could be helpful would be a list of ALL medications included in the database. That way, if a patient sees their med on the list, they can begin to take steps to protect (what's left of) their privacy without waiting for those affected to "be notified eventually".

TWO QUESTIONS...

1) Was the list compromised or not?
2) The Obama desire to have all medical records be electronic could be just as vulnerable to hacker attack. Can you imagine having all of your medical records deleted?
Change we can believe in will become CHAINS we are trapped by.

Additions to the list of "The people who should be worried"

The last two paragraphs of this article add an insult to the injury:

-------------------------------------------------------------------
The most likely danger is public embarrassment, said Jay Levine, a pharmacist at Atrium Pharmacy in Norfolk.

“The people who should be worried are politicians and people like that who don’t want information getting out about what drugs they’re on,” he said.
-------------------------------------------------------------------

Mr. Levine - may I ask what kind of patient DOES want that kind of information to "get out" in the public?

Perhaps it is you, a professional pharmacist being entrusted with sensitive patient data, who should worry about this serious breach, too?

Or, let me see, how about the people who decided to embrace this "pilot project", or have overseen its full-blown implementation, without realizing (or sufficiently guarding against) its potential to jeopardize the privacy of millions of patients? They should _definitely_ worry about - at the least - their jobs, if not some possible legal action coming their way...

Or, how about the Virginian-Pilot reporters who end an article on such an important topic with

Track this

OK, yea I know I am on the internet and so is everyone else. Not to mention that we all have personal info in our computer machines. Sometimes I wish I could be totally off the grid, but keep wishing. I digress, why is the GOV. tracking prescriptions? Wait do not answer that you could put yourself in jeopardy. Let the hacker keep the info. If you're in that database and you know who you are get a lawyer and file a class action lawsuit and sue. I smell story here$$$

Gee, I'm so glad you're

Gee, I'm so glad you're computer-izing all of my personal medical records, and a big thank you to everyone in the health profession for re-assuring me my information is perfectly safe.

Why the database?

From this paper reporting on the program while in western Virginia ...
http://aspi.wisc.edu/documents/pdf/VirgPMP.pdf

The primary purpose of the PMP is to help providers prospectively identify patients who may be “doctor shopping” in an effort to access schedule II drugs. An unintended consequence is that physicians may feel as if there is a greater oversight of their prescribing behaviors by law enforcement and/or regulatory agencies.

It is a good report and they did pilot before rolling out to the rest of the state.

Unfortunately, securing this data was not the priority it should have been. I would like to know who they used to design, test, and maintain their security defenses.

This comment vetted by the re-education and indoctrination dept.

Can hardly wait until all our personal info is so accessible via government mandated health care.

Funny how this is supposedly to track all these dangerous meds but this was the Pilot's take just two months ago.

In Va., it's up to patients to keep an eye on doctors

By Bill Sizemore
The Virginian-Pilot
© March 9, 2009

A decade after a legislative panel found that Virginia allowed dangerous doctors to keep practicing for years before losing their licenses, a national study says the state remains among those least likely to take serious disciplinary action against physicians.......
The Virginian-Pilot has documented that 10 patients of Dr. Stephen Plotnick have died since 2004, according to medical board records, civil lawsuits and medical examiners' reports. At least seven of those were overdose deaths directly traceable to drugs Plotnick prescribed.

I agree

in this day of identity theft, WHY are they putting sensitive information into a computer data base for all to see. Has this 'hacking' been done with any other states? or is Virginia just the most stupid state of the 50?

Well, better late than never...

The really pathetic thing about this is that yesterday I read this in Finnish news (as in Finland, little country between Sweden and Russia, home to Nokia phones) before anyone else was carrying it over in the US (other than the blog at Washington Post). And that was the second news outlet to carry it, a computer magazine had already posted it on their site.
Does anyone know if these records also contain the info of people who buy allergy medication with pseudoephedrine in them? Those are all supposedly tracked as well.
But yea, until they can give some sort of guarantee of the safety of health records the government needs to keep their paws off of them.

I wish the FBI and the State Police the best of Luck

in catching the culprit, however someone this bold probably has nothing to fear as I seriously doubt if they are in the US. It will be very interesting to see what happens if they are able to trace this overseas. The bottom line is many people still have their SS# on their driver license so if the hacker has the database they have enough information to do some damage. And remember this database has the information from not only prescriptions but over the counter purchases of cold remedies that contain what is used to make meth. Welcome to the world big brother stupidity. Keeping a database this large with many years of information is plain crazy. The question to be asked now is whether the database has helped combat prescription abuse in such a way that the information is worth keeping for more than a few months.

C'mon Virginian Pilot

So the real story here should be that this database was there at all, not that it was hacked (which is all but an inevitability). And the real unanswered question is who thought such a database was a good idea in the first place and why. I'm not a trained journalist or anything, but it seems to me that information should have been a primary part of the story. Who put our information there for the hacking? Maybe an interview with the person/people who put the database there? Or something showing us how many lives were saved using this database? Or how much this is costing Virginia taxpayers? I know, piddly questions about immaterial stuff, but I think we deserve to know. C'mon Virginian Pilot, how about some reporting?
