Virginia gets $10 million ransom demand for data breach

From InformationWeek via the Health Care Law Blog comes news that the Virginia Department of Health Professions has received a $10 million ransom demand for 8.3 million patient records and 35.6 million prescription records.

Let me repeat: someone allegedly is extorting the State of Virginia for $10 million over a security breach involving millions of electronic health records.

I’d write more, but it seems like Bob Coffield has covered the issue pretty comprehensively on the Health Care Law Blog. He cites the alleged ransom note, Virginia’s response and a very interesting blog post about HIPAA notification responsibilities from John Moore of Chilmark Research.