According to Wikileaks, hackers broke into servers at the Virginia health department that monitors prescription drug abuse and replaced the homepage with a ransom demand. The attackers claimed they had deleted the backups, and demanded $10 million for the return of prescription data on more than 8 million Virginians. Virginia isn't saying much about the attacks at the moment, except to acknowledge that they've involved the FBI, and that they've shut down e-mail and a whole mess of servers for the state department of health professionals.
The ransom note claims that the backups have "gone missing" (and makes a reference to the Coen brothers movie Burn after reading)
I find it kind of hard to believe that the backups were destroyed. Best practices say to have off site, secure backups (preferably in a different geographic region). This would be hard to compromise, even if it's an inside job.
The Economist had a special report on electronic health records a couple of weeks ago that argued an intelligent network was needed to share (and secure) health information. It looks like the report was timely.