Veterans Health Administration notifies veterans of potential information disclosure

(ABC 6 News) – The Veterans Health Administration (VHA) is sending letters to 2,302 Veterans notifying them of the potential disclosure of protected health information that may have been obtained through the cyber security attack of a server managed by a contracted medical transcription vendor, DBP, Inc.

According to a press release from the Minneapolis VA Health Care System, the affected transcribed documents contained some or all the following information: full name, medical record information, or social security number.

VHA employees conducted a thorough investigation regarding this incident and determined this cyber security attack did not affect any medical record information in the VA electronic health record.

VHA determined that this attack involved the files on the DBP, Inc. server being “locked down” (encrypted) and potentially copied by the offending malicious party.

The vendor was able to shut down the server and disconnect it from the internet to prevent further attacks. The vendor purchased new hardware and implemented new security controls on the equipment.

The Department of Veterans Affairs continues to work with the vendor to ensure appropriate security measures are in place.

In VISN 23: 616 Veterans were affected from VA Minneapolis Health Care System.

Veterans affected will receive a Privacy Notification Letter containing details on what information was at risk.

Veterans who have questions or concerns about whether their personal information may have been involved can call and leave a message at 1-844-838-5433 between the hours of 8 a.m. – 4:30 p.m., Monday through Friday. Calls will be returned by the Privacy Officers at the local Medical Centers within two business days.