Veterans Health Administration Cyberattack Exposes Thousands of Veterans' Records

By Harry Negron, December 2, 2024

The Veterans Health Administration (VHA) has reported a significant cybersecurity breach compromising the personal and medical information of 2,302 veterans nationwide. The affected data includes full names, medical records, and Social Security numbers.

The breach originated from a cyberattack on a server managed by DBP, Inc., a contracted medical transcription vendor for the VHA. The server was infiltrated and potentially copied by malicious actors. In response, DBP, Inc. promptly shut down the compromised server, disconnected it from the internet to prevent further unauthorized access, and implemented enhanced security measures, including new hardware and security controls.

The impact of the breach varies across different VA healthcare systems:

• VA Amarillo Healthcare System: 1,069 veterans affected

• VA Minneapolis Healthcare System: 616 veterans affected

• VA Boston Healthcare System: 386 veterans affected

• VA Togus Healthcare System: 144 veterans affected

• VA Connecticut Healthcare System: 37 veterans affected

• Baltimore VA Medical Center: 25 veterans affected

The VHA has assured that the breach did not compromise any medical record information within the VA's electronic health record system. Veterans whose information was affected will receive notification letters detailing the specific data involved. For further inquiries, veterans can contact the VHA at 1-844-838-5433 between 8 a.m. and 4:30 p.m., Monday through Friday. Calls will be returned within two business days.

This incident underscores the critical importance of robust cybersecurity measures, especially within organizations handling sensitive personal and medical information. The VHA is collaborating with DBP, Inc. to ensure that enhanced security protocols are in place to safeguard against future breaches.