by John R. Fischer
, Senior Reporter | September 17, 2020
The U.S. Department of Veterans Affairs (VA) Office of Management has informed approximately 46,000 veterans of a data breach that has potentially compromised their personal information.
The Financial Services Center (FSC) reported to VA’s Privacy Office that unauthorized users accessed one of its online applications to divert payments intended for community healthcare providers caring for veterans. It has removed the application offline.
“A preliminary review indicates these unauthorized users gained access to the application to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols,” said the VA in a statement. “To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology.”
Data breaches and hackings have grown each year since 2019 and almost doubled between 2018 and 2019, according to online privacy website PrivacyAffairs.com. The site reported recently in its Healthcare Data Breach Statistics study that 3,054 data breaches of medical records occurred between 2009 and 2019, and that 230,954,151 U.S. medical records were lost, exposed or stolen in that time.
"Due to the vast number of connected devices in hospitals, the logistical challenge for IT teams is often too great for proper cybersecurity maintenance,” said PrivacyAffairs in a statement regarding the frequency of targeted attacks on healthcare systems. “Medical staff need to have access to patient data, but the additional training costs and time constraints often mean that the people who access the network are ill-equipped to keep it secure.”
Healthcare compliance analytics platform Protenus also reported recently that 41 million patient records were breached in 2019
, a figure it says is triple the number breached in 2018.
The FSC is alerting affected individuals, including next of kin of those who have since died, of the potential risk to their personal information. The VA is offering access to credit monitoring services to those whose social security numbers may have been compromised, free of charge.
Veterans whose information was involved are advised to follow the instructions in the letter to protect their data. Those who did not receive an alert by mail do not need to take action, as their personal information was not involved in the incident.Back to HCB News