Veterans Health Administration

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Veterans Health Administration (VHA) in Washington, D.C., experienced a data breach that compromised the personal information of approximately 46,000 veterans. The breach was announced by the U.S. Department of Veterans Affairs (VA) Office of Management on September 14, 2020. Unauthorized users accessed one of the VA’s online applications, which is used to make payments to community health care providers for the medical treatment of veterans. The attackers employed social engineering techniques and exploited authentication protocols to alter financial information and divert payments from the VA.

The Financial Services Center (FSC) of the VA took the compromised application offline and initiated a breach report to the VA’s Privacy Office. A comprehensive security review by the VA Office of Information Technology is required before system access will be reenabled. The FSC is notifying affected individuals, including the next-of-kin of deceased veterans, about the potential risk to their personal information. The VA is also offering free credit monitoring services to those whose Social Security numbers may have been compromised. Veterans whose information was involved are advised to follow the instructions in the notification letter to protect their data. If a veteran did not receive an alert by mail, their personal information was not involved in the incident[1].

For further assistance, affected veterans or their next-of-kin can contact the FSC Customer Help Desk via email at VAFSCVeteransSupport@va.gov or by writing to the VA FSC Help Desk, Attn: Customer Engagement Center, P.O. Box 149971, Austin, TX 78714-9971[1].

Citations:

  1. https://news.va.gov/press-room/va-notifies-veterans-of-compromised-personal-information/
  2. https://www.vaoig.gov
  3. https://fedscoop.com/va-investigates-breach-after-federal-contractor-publishes-source-code/
  4. https://www.whistleblowers.gov
  5. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
  6. https://www.washingtonpost.com
  7. https://www.hipaajournal.com/washington-dc-va-medical-center-breach-exposes-phi-3463/
  8. https://www.osha.gov
  9. https://en.wikipedia.org/wiki/Veterans_Health_Administration_controversy_of_2014
  10. https://www.defense.gov
  11. https://www.beckershospitalreview.com/healthcare-information-technology/washington-dc-va-medical-center-reports-breach-due-to-missing-report.html
  12. https://dchealthlink.com
  13. https://www.nbcnews.com/politics/politics-news/watchdog-report-failed-va-leadership-put-patients-risk-n854486
  14. https://www.propublica.org/article/when-veterans-cant-access-the-psychiatric-care-they-need
  15. https://www.cnn.com/2020/09/14/politics/veterans-affairs-data-breach/index.html
  16. https://www.atg.wa.gov
Breach Submission Date Jan 05, 2024
Converted Entity Name Veterans Health Administration
Converted Entity Type Healthcare Provider
State DC
Individuals Affected 2,380
Breach Type Unauthorized Access/Disclosure

Breach Information Location Paper/Films

Business Associate Present Yes