Getting your Trinity Audio player ready...

The Veterans Health Administration (VHA) is sending letters to 2,302 veterans notifying them of the potential disclosure of protected health information that may have been obtained through the cyber security attack of a server managed by a contracted medical transcription vendor, DBP Inc. The affected transcribed documents contained some or all the following information: full name, medical record information or Social Security number.

VHA employees conducted a thorough investigation regarding this incident and determined this cyber security attack did not affect any medical record information in the VA electronic health record. The attack involved the files on the DBP Inc. server being “locked down” (encrypted) and potentially copied by the offending malicious party. The vendor was able to shut down the server and disconnect it from the internet to prevent further attacks. The vendor purchased new hardware and implemented new security controls on the equipment. The Department of Veterans Affairs continues to work with the vendor to ensure appropriate security measures are in place.

According to the release, 616 veterans were affected from VA Minneapolis Healthcare System.

Veterans affected will receive a privacy notification letter containing details on what information was at risk. Veterans who have questions or concerns about whether their personal information may have been involved can call and leave a message at 1-844-838-5433 between the hours of 8 a.m. to 4:30 p.m., Monday through Friday. Calls will be returned by the privacy officers at the local medical centers within two business days.