Charles George Department of Veterans Affairs Medical Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Charles George VA Medical Center in Asheville, North Carolina, experienced a data breach that was reported on July 7, 2023. This breach affected the personal information of more than 1,541 veterans. The incident involved an email sent on May 12 that inadvertently disclosed personally identifiable information (PII) and protected health information (PHI) of the veterans. The email, which included an attachment with sensitive information, was mistakenly sent through Secure Messaging to three veterans. Two of the recipients opened the email before it could be recalled[1][5].
The VA Medical Center took immediate action to mitigate the breach by attempting to delete the information from recipients who had not yet opened the communication. An investigation was initiated, and it was determined that a data breach had occurred. The affected individuals were alerted about the potential risk to their personal information, and the department offered access to credit monitoring services at no cost, especially to those whose social security numbers may have been compromised[1][5].
Veterans whose information was involved were advised to follow the instructions in a letter sent by the VA Medical Center to protect their data. Those who did not receive an alert by mail were not affected by the incident and did not need to take any action. Veterans with concerns or questions about the breach were provided with contact information for the VA Medical Center’s Privacy Officer[1][5].
U.S. Congressman Chuck Edwards sought updates from the Charles George VA Medical Center regarding the breach and the measures taken to improve data security. In a letter to the medical center’s leadership, Edwards requested information on the exact number of veterans affected, the number of veterans who utilized the free credit monitoring services, any reports of identity theft or fraud as a result of the breach, and the policies and procedures put in place to prevent future breaches[7][13].
Citations:
- https://wlos.com/news/local/charles-george-va-medical-center-data-breach-asheville-north-carolina-veterans-affairs-personal-information-reported
- https://skillbridge.osd.mil/locations.htm
- https://www.foxcarolina.com/2023/07/09/va-medical-center-nc-notifies-veterans-email-breach/
- https://www.fairfaxcounty.gov
- https://www.citizen-times.com/story/news/local/2023/07/10/asheville-va-center-data-breach-veterans-personal-data-leaked/70397735007/
- https://www.nbcnews.com
- https://edwards.house.gov/media/press-releases/edwards-seeks-updates-charles-george-va-medical-center-data-breach
- https://www.sandiegouniontribune.com
- https://www.idstrong.com/sentinel/charles-george-va-medical-center-breach/
- https://www.foxnews.com/media
- https://www.healthleadersmedia.com/technology/charles-george-va-medical-center-nc-data-breach-reported-more-1500-veterans-impacted
- https://ksltv.com
- https://edwards.house.gov/sites/evo-subsites/edwards.house.gov/files/evo-media-document/081123-va-letter.pdf
- https://www.nytimes.com/2023/06/15/magazine/doctors-moral-crises.html
- https://www.idstrong.com/data-breaches/charles-george-va-breach/
- https://theconversation.com/us