A cyber hacker who claimed to have stolen the medical records of more than 8.3 million residents of the state of Virginia is demanding $10 million for their return, the Washington Post reported.
The FBI and state officials have confirmed that they are investigating the incident.
The report Thursday came a week after someone managed to take over a Virginia Department of Health website that monitors prescriptions to track the sales of controlled substances. The hacker shut down the site and posted a ransom note online, claiming to have stolen and encrypted the data and threatening to sell the data to the highest bidder if authorities did not pay him by Thursday.
"Attention Virgina," the demand read, "In my possession right now are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too."
The incident comes at a time of heightened concerns about the privacy and security of medical data as US President Barack Obama is attempting to introduce a new national health records system.
Sandra Whitley Ryals, director of Virginia's Department of Health Professions, declined to comment on the details of the case. But she confirmed that the entire system has been shut down since Thursday to protect the security of the programme data.
"We are satisfied that all data was properly backed up and that these backup files have been secured," she said.