The VA’s Online Medical Payments Form Was Hacked To Divert Money For Veteran Care
The personal information of at least 46,000 veterans has been exposed in a data breach at the Department of Veterans Affairs.
According to the VA, the leak is related to an online form used for medical payments.
“VA’s independent inspector general’s investigator is investigating that issue, and in order to protect the integrity of the investigation can’t comment further,” VA spokesperson Christina Noel told Federal News Network.
A preliminary review conducted by the VA’s Privacy Office discovered that unauthorized users were able to alter the form to divert submitted payments from the VA to community care health providers, “using social engineering techniques and exploiting authentication protocols.”
“To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information,” the VA reports. “The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised.”
Veterans who have been impacted by this data breach are being sent notifications by mail.
“Veterans whose information was involved are advised to follow the instructions in the letter to protect their data,” the VA reports. “There is no action needed from veterans if they did not receive an alert by mail, as their personal information was not involved in the incident.”
The VA’s Office of Information and Technology is expected to complete a security review before the online payment system is restored.
Close to 200,000 Social Security numbers and other sensitive information stored by the Defense Information Systems Agency was exposed between May and July 2019. The DISA followed up with letters to those impacted, many rightfully upset that “a U.S. defense agency charged with providing information technology and communications support to the U.S. government, including the president and other senior officials,” as TechCrunch reports, would be so lax in its own security measures.
According to The Hill, both of these events pale in comparison to the VA’s 2006 data breach, when “a computer disk was stolen that contained the names, Social Security numbers and birth dates of around 26.5 million veterans, including several lawmakers.”