Veterans Health Administration cyberattack compromises thousands of records

The Veterans Health Administration (VHA) said a cybersecurity attack potentially disclosed protected health information for thousands of veterans.

What we know

VHA officials said letters will be sent to 2,302 veterans believed to have been affected by the data breach. The documents accessed may have included the veterans' full names, medical record information and Social Security numbers.

The server that was attacked is managed by DBP, Inc., which VHA said is a contracted medical transcription vendor. 

The VHA said an investigation revealed the attack "did not affect any medical record information in the VA electronic health record." 

Officials also determined that the server was "locked down", or encrypted, and "potentially copied by the offending malicious party." 

The VHA said the following VA healthcare systems were impacted by the breach:

  • 386 veterans from VA Boston Healthcare System 
  • 37 veterans from VA Connecticut Healthcare System
  • 144 veterans from VA Togus Healthcare System
  • 25 veterans from Baltimore VA Medical Center 
  • 1,069 veterans from VA Amarillo Healthcare System
  • 616 veterans from VA Minneapolis Healthcare System

VHA officials said the server was shut down and disconnected from the internet in order to prevent further attacks. 

What comes next?

DBP, Inc. has reportedly purchased new hardware and will implement new security controls.

Veterans impacted by the breach will get a "Privacy Notification Letter" from the VHA with details on what information was potentially breached. 

Veterans with questions or concerns can call and leave a message at 1-844-838-5433 between 8 a.m. and 4:30 p.m., Monday through Friday.

The VHA said calls will be returned by the Privacy Officers at the local Medical Centers within two business days.

The Source: A news release from the Veterans Health Administration. 
