Vendor Breach Exposes PII of More than 7,000 Vets

Veterans Affairs Learned of Incident in Early November
The Department of Veterans Affairs, in a cryptic message, disclosed a potential security flaw that exposed the personally identifiable information of 7,054 veterans in a patient database belonging to and managed by a vendor that provides home telehealth services to the VA.

The Dec. 24 statement said VA learned of the possible breach on Nov. 4. "An investigation was immediately initiated and security scans were conducted by VA, which confirmed the concern," a VA spokesperson said. "The contracted vendor has assured VA that only vendor staff and VA staff had accessed this information. The security flaw in the vendor database was immediately corrected and VA continues to closely monitor the application."

VA neither identified the contractor nor provided more details about the incident.

The spokesperson said VA notified the affected veterans and offered them credit protection. But don't expect many vets to take the VA up on the offer. In October, VA CIO Steph Warren said only 4 percent of veterans accept such offers (see VA CIO Reveals Biggest Security Concerns).

The latest security incident pales when compared with past events. In 2013, Congress was told that hackers from overseas had repeatedly breached VA computers containing unencrypted data on some 20 million veterans (see VA Systems Hacked from Abroad). Eight years ago, a stolen laptop held unencrypted personally identifiable information on more than 26 million individuals (see 2006 VA Breach: Assessing the Impact).

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
