Exploit: Ransomware
Veterans Administration: Federal Agency
Risk to Business: 1.722= Severe
The VA has found itself in the cybersecurity hot seat again after a data breach at a records contractor exposed more than 200,000 records for veterans. The contractor, United Valor Solutions, appears to have been the victim of a ransomware attack. Researchers found a trove of their data online, including this sensitive VA data. The VA has announced that its Veterans Benefits Administration (VBA) Privacy Office is currently working with Medical Disability Examination Officer (MDEO) and contractors to further handle the incident, with the VA Data Breach Response Service investigating independently.
Individual Risk: 1.722= Severe
The exposed records contain included patient names, birth dates, medical information, contact information and even doctor information and appointment times, unencrypted passwords and billing details for veterans and their families, all of which could be used in socially engineered spear phishing or fraud scams.
Customers Impacted: 200,000
How it Could Affect Your Customers’ Business Ransomware is the gift that keeps on giving for medical sector targets. Not only are those victims facing expensive investigation and recovery costs, but they can also expect a substantial HIPAA fine and possibly more regulatory scrutiny.
Source: https://threatpost.com/veterans-medical-records-ransomware/166025/