Veterans Health Administration reports third party data breach
Learn More
Veterans Health Administration (VHA) is reporting a cybersecurity incident that impacted their contracted medical transcription vendor, DBP, Inc. The attack resulted in unauthorized access to sensitive veteran information stored on DBP's servers.
The malicious actors encrypted the server contents and potentially exfiltrated the data. DBP immediately shut down the compromised server and disconnected it from the internet to prevent further unauthorized access, then purchased new hardware and implemented enhanced security controls. Exposed data includes:
- Full names
- Medical record information
- Social Security numbers
IDP is working with VA to strengthen security measures. VHA claims that the VA's main electronic health record system remained unaffected. A total of 2,302 veterans are affected across six healthcare systems:
- VA Amarillo Healthcare System: 1,069 veterans
- VA Minneapolis Healthcare System: 616 veterans
- VA Boston Healthcare System: 386 veterans
- VA Togus Healthcare System: 144 veterans
- VA Connecticut Healthcare System: 37 veterans
- Baltimore VA Medical Center: 25 veterans
The VHA is sending Privacy Notification Letters to all affected veterans. Those with concerns can contact 1-844-838-5433 (8 AM - 4:30 PM, Monday-Friday) with a guaranteed response from local Medical Center Privacy Officers within two business days.
Even though the nature of the attack is not disclosed, the encryption of the systems confirms a variant of ransomware.
