Hackers attempting to steal money the Veterans Affairs Department was sending to private sector health care providers also scooped up the personal information of some 46,000 veterans.
According to an announcement put out Monday by VA, the department detected a breach of a payment processing system managed by the Financial Services Center after perpetrators were able to use social engineering to trick users into giving up their secure access information. The hackers were then able to use those credentials to gain access to the system and “divert payments to community health care providers,” i.e. private sector, non-VA medical facilities.
After discovering the compromise, “The FSC took the application offline and reported the breach to VA’s Privacy Office,” the statement reads. VA officials said the affected system will remain offline until the Office of Information Technology can perform “a comprehensive security review.”
While the hackers’ primary goal seems to be monetary, the Social Security numbers and other personally identifiable information for some 46,000 veterans was exposed in the process.
VA officials did not immediately respond Monday to a list of questions from Nextgov.
VA has sent letters to all of those affected by the breach, with instructions on how to protect their data and access to free credit monitoring services.
“There is no action needed from veterans if they did not receive an alert by mail, as their personal information was not involved in the incident,” according to the statement.
The breach announcement comes five weeks after FSC issued a request for information for cybersecurity audit services.
“The contractor shall provide a gap analysis on which ..
Support the originator by clicking the read the rest link below.
