Veterans Health Administration
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Veterans Health Administration (VHA) in Washington, D.C., experienced a data breach that compromised the personal information of approximately 46,000 veterans. The breach was announced by the U.S. Department of Veterans Affairs (VA) Office of Management on September 14, 2020. Unauthorized users accessed one of the VA’s online applications, which is used to make payments to community health care providers for the medical treatment of veterans. The attackers employed social engineering techniques and exploited authentication protocols to alter financial information and divert payments from the VA.
The Financial Services Center (FSC) of the VA took the compromised application offline and initiated a breach report to the VA’s Privacy Office. A comprehensive security review by the VA Office of Information Technology is required before system access will be reenabled. The FSC is notifying affected individuals, including the next-of-kin of deceased veterans, about the potential risk to their personal information. The VA is also offering free credit monitoring services to those whose Social Security numbers may have been compromised. Veterans whose information was involved are advised to follow the instructions in the notification letter to protect their data. If a veteran did not receive an alert by mail, their personal information was not involved in the incident[1].
For further assistance, affected veterans or their next-of-kin can contact the FSC Customer Help Desk via email at VAFSCVeteransSupport@va.gov or by writing to the VA FSC Help Desk, Attn: Customer Engagement Center, P.O. Box 149971, Austin, TX 78714-9971[1].
Citations:
- https://news.va.gov/press-room/va-notifies-veterans-of-compromised-personal-information/
- https://www.vaoig.gov
- https://fedscoop.com/va-investigates-breach-after-federal-contractor-publishes-source-code/
- https://www.whistleblowers.gov
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
- https://www.washingtonpost.com
- https://www.hipaajournal.com/washington-dc-va-medical-center-breach-exposes-phi-3463/
- https://www.osha.gov
- https://en.wikipedia.org/wiki/Veterans_Health_Administration_controversy_of_2014
- https://www.defense.gov
- https://www.beckershospitalreview.com/healthcare-information-technology/washington-dc-va-medical-center-reports-breach-due-to-missing-report.html
- https://dchealthlink.com
- https://www.nbcnews.com/politics/politics-news/watchdog-report-failed-va-leadership-put-patients-risk-n854486
- https://www.propublica.org/article/when-veterans-cant-access-the-psychiatric-care-they-need
- https://www.cnn.com/2020/09/14/politics/veterans-affairs-data-breach/index.html
- https://www.atg.wa.gov