A database made up of the personal data and protected health information (PHI) of more or less 200,000 U.S. military veterans was determined to be available on the web by security specialist Jeremiah Fowler.
The database was found on April 18, 2021 and an evaluation pointed out references to a business entity named United Valor Solutions located in Jacksonville, NC. United Valor Solutions is a service provider of the Department of Veterans Affairs (VA) that delivers disability review services for the VA and many other government bureaus. The database – that included veterans’ names, contact details, birth dates, medical data, appointment details, unencrypted passwords, and billing details – may be viewed with no password. Any person could have accessed the database, acquired the information and modified or erased them.
Fowler alerted United Valor Solutions concerning the compromised data. The company answered the next day confirming the compromised database and that the breach was already reported to its service providers and public access was closed. It is unknown for how long the storage system was compromised; nonetheless, United Valor Solutions stated it appeared that the database was merely viewed by internal IP addresses and Fowler’s.
Fowler claimed he had seen signs of a ransomware attack. In the dataset was a communication named “Read_me” which said that data were downloaded and will be published in case a 0.15 Bitcoin ransom wasn’t paid.
Threatpost noted that the VA is examining the incident and that it looks linked to penetration tests. Director Reginald Humphries of IT strategic communication at the Office of Information and Technology at the VA gave an announcement that a researcher was making an effort to uncover security insufficiencies and imperfections in United Valor Solutions systems. After all this, the company doesn’t consider this to be a data breach. Instead, this was undertaken for research reasons, according to the request of the company, United Valor Solutions. The VA investigation into the occurrence is continuing.
More Persons Affected by Insider Atascadero State Hospital Breach
A breach recently announced by the California Department of State Hospitals (DSH) has impacted more people than earlier assumed. The breach, which was discovered on February 25, 2021, concerned improper access to health care records by an ex-worker.
The breach was at first believed to have affected the files of 1,415 patients and previous patients, 617 employee names, the private information and PHI of 1,735 workers, and records of around 1,217 job seekers who were not successful in getting a job.
Additional inquiry into the inappropriate access pointed out the personal data of an additional 80 persons were accessed, which include telephone numbers, email addresses, addresses, dates of birth, driver’s license numbers, and social security numbers. The immigration data of 38 people, work-associated health facts of 81 persons who had applied for employment, had been hired, or were previous employees, and 20 persons’ birth dates and the last four digits of their Social Security numbers were likewise viewed.
The staff involved was given administrative leave as the incident investigation is in progress. The California Highway Patrol is supporting the DSH with the inquiry.