It seems a hacker has broken into the Virginia Prescription Monitoring Program and left a ransom note:

"I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :(For $10 million, I will gladly send along the password."

Lots to unpack here:

  • Libertarians are, of course, deeply conflicted.  On the one hand, blackmailers are despicable criminals.  On the other hand, the practice of monitoring legal adults to make sure they don't get high without permission is also despicable, and results in widespread undertreatment of severe pain.
  • How did he get at the backups?  Tech people want to know.  Several possible answers:
    • It's an inside job
    • He hacked the backup routine
    • He didn't--it's a big lie.  (But if so, why no denial?)
  • Then there's the question of how he gets the money.  Kidnapping is hard to get away with in these days of electronic transfers and high-tech surveillance of physical drops.
  • This has unpleasant implications for the future of electronic medical records systems.

We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.