VA is warning veterans about Change Healthcare cyberattack, secretary says
“There’s no confirmation yet” that veterans’ data was leaked by the ransomware attack, according to the VA secretary, but the department is proactively alerting millions of veterans and beneficiaries to be safe.
The Department of Veterans Affairs is “not aware of any adverse impacts” on patients’ care stemming from the February cyberattack on Change Healthcare but has still notified more than 15 million veterans and their families to alert them about the breach, VA Secretary Denis McDonough said on Thursday.
During his monthly press conference, McDonough said Change Healthcare — the largest healthcare payment system in the country — reported this week that “a substantial portion of the people in America” could have had their personal data leaked as a result of the ransomware attack that affected hospitals and medical facilities across the U.S.
“If we do learn that veterans’ personal information has been compromised, we'll move quickly to mitigate the impact and provide full support to veterans affected,” McDonough said, adding that “there's no confirmation yet” that veteran data was exposed, but the department has been pressing the company for weeks to provide additional information about the attack.
He added, however, that VA has been proactively working to notify veterans about the cyberattack and to provide them with guidance about steps they can take to secure their data.
“We sent an email to over 15 million veterans and their families to make sure they know about the tools and resources they can use to protect themselves from fraud,” McDonough said, noting that this includes information “about the two years of free credit monitoring and identity theft protection” that Change Healthcare is offering to those harmed by the attack.
McDonough also pointed to a blog post that VA published this week with additional details about the breach and links to outside resources that veterans and their beneficiaries can use to secure their information.
VA has been working to keep veterans and lawmakers apprised of the cyberattack’s impact on the department, McDonough said, and he pledged “full transparency” when it comes to providing additional information about the scope of the incident.
In addition to potentially exposing Americans’ data, the ransomware attack also disrupted many medical facilities’ payment processing and prescription fulfillment systems.
A VA spokesman told Nextgov/FCW earlier this week that the department’s cybersecurity operations center “confirmed [that] no malicious activity or irregularities were present” as a result of the attack but that a number of VA’s internal systems were affected.
McDonough highlighted those issues during his press conference, saying that “the incident initially impacted a good number of our IT functions — Community Care payment processes among them.”
He added that VA has restored many of the impacted capabilities and that “we're working to get 100% of them up.”