The Orlando VA Medical Center reported a data breach that revealed the personal information of thousands of veterans.
A former employee of the Orlando VA healthcare system caused a breach of personal information by emailing documents containing sensitive details of veterans to their personal email account on their last day of employment.
According to Health News Florida, the breach was discovered on January 16. It impacted veterans whose names, addresses, phone numbers, email accounts, dates of birth, and complete or partial Social Security numbers were possibly included in the documents. The breach was reported to the HHS on March 5, 2024, and classified as unauthorized access/disclosure.
The impacted individuals totaled 10,059, including:
This incident is not the VA's first; a similar breach occurred in September 2020, affecting approximately 46,000 veterans. This breach happened when unauthorized users accessed one of the VA's Financial Services Center (FSC) online applications. The attackers exploited vulnerabilities in the system by using social engineering techniques and manipulating authentication protocols to redirect payments intended for community health care providers for veterans' medical treatment. The breaches, notably the one in 2024, draw attention to gaps in VA data protections, particularly in managing insider threats and in data handling and access policies.
The VA has already initiated contact with the affected veterans, along with the next of kin, to inform them about the breach and its implications. Additionally, veterans whose sensitive information, such as Social Security numbers, was exposed are being offered one year of free credit monitoring services to prevent any potential identity theft.
Yes, HIPAA applies within the VA healthcare organization.
Affected veterans are urged to monitor their financial accounts for any unusual activity and report any suspicious transactions immediately. They can also take advantage of the no-cost credit monitoring services offered by the VA.
Veterans who have concerns or questions about the breach can contact the VA through a toll-free number: 1-833-486-3075, available Monday through Friday, from 8 a.m. to 4:30 p.m.