VA reports data breach affecting 46,000 veterans

Scammers trying to divert payments for medical care compromised an online system belonging to the Financial Services Center.

Blue Signage and logo of the U.S. Department of Veterans Affairs
 

Scammers trying to divert payments for veterans' medical care compromised an online system belonging to the Financial Services Center at the Department of Veterans Affairs, the agency reported Sept. 14.

The data breach affected 46,000 veterans, with social security numbers among the compromised information.

According to the VA, scammers used information gleaned from a Financial Services Center application and combined it with social engineering to redirect payments owed to community health care providers.

The VA, through the Veterans Health Administration, provides medical care to a population of about 20 million beneficiaries. Legislation passed in 2014 and modified in 2018 permits veterans to seek community care in certain circumstances, depending on how far they live from a VA facility and whether the kind of care they need is available through VA locally. Providers who treat veterans under the Veterans Choice program bill the VA directly.

The agency took the compromised system offline for a security review from VA's Office of Information and Technology. VA is offering credit monitoring services to veterans and other beneficiaries whose social security numbers were revealed in the breach.

The VA did not immediately respond to questions about the timing and duration of the data breach, when it was noticed or how much money was scammed from the agency that was meant to reach health care service providers.