You may have heard in the news about the recent Change Healthcare (CHC) cybersecurity incident, which impacted many health care institutions across America. We at VA want to provide an update on what this incident could mean for you.
CHC is one of VA’s vendors, and as soon we became aware of the breach we took swift action to disconnect from all known systems with CHC; we have confirmed that there is no malicious activity or irregularities in our system.
However, CHC announced this week that “a substantial portion of the people in America” could have had some protected health information leaked as a result of this incident. While there is no confirmation that Veteran data was leaked as a result of this incident, we want to provide you with all of the information that you could need to protect yourself.
Here’s what you need to know:
- CHC is offering credit monitoring for all impacted individuals. CHC will provide two years of free credit monitoring and identity theft protections for those impacted. You can call 1-866-262-5342 or visit the dedicated UHG/CHC website at http://changecybersupport.com to learn more.
- VA has general fraud protection information available to you. There are always steps that you can take to protect yourself against fraud and identity theft, and VA has resources available to you. General information on how to protect yourself from fraud is available at Protecting Veterans From Fraud | Veterans Affairs (va.gov). This includes a fraud protection toolkit, frequently asked questions, information about how to be vigilant about scams, and much more.
- The federal trade commission also offers resources to help protect your identity. For additional information about other precautions available to you, visit the Federal Trade Commission website at http://www.consumer.ftc.gov/features/feature-0014-identity-theft.
- VA health care operations are not impacted. While we work through this issue, we want you to know that VA remains fully open for business—and there is no known adverse impact on VA patient care or outcomes to date. Please do not hesitate to come to us for all of your health care needs, as usual.
At this time, we cannot confirm that any Veteran data has been compromised, so we cannot answer specific questions as to whether your data is involved. But if it is determined that Veteran data was included in the data breach, we will ensure that you are notified and full support is provided.
Protecting your personal health information is—and always will be—one of our top priorities. We will continue to monitor this incident closely and provide updates whenever possible.
Link Disclaimer
This page includes links to other websites outside our control and jurisdiction. VA is not responsible for the privacy practices or the content of non-VA Web sites. We encourage you to review the privacy policy or terms and conditions of those sites to fully understand what information is collected and how it is used.
Topics in this story
Link Disclaimer
This page includes links to other websites outside our control and jurisdiction. VA is not responsible for the privacy practices or the content of non-VA Web sites. We encourage you to review the privacy policy or terms and conditions of those sites to fully understand what information is collected and how it is used.
Statement of Endorsement
Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government, and shall not be used for advertising or product endorsement purposes.
More Stories
Veterans Canteen Service introduces online service for ordering contact lenses, a quick and convenient way to get prescription contacts
VA emergency medicine physician Dr. Sari Hart receives award for developing and teaching a humanism course.
Volunteering is a huge part of Blue Star Families. We are grateful for each of our volunteers and know we couldn’t support our members without them. Many of our employees also volunteer with other organizations, and we are so thankful for their altruistic spirits. As the saying goes, we make time for the people (and things) that matter most to us, so if you’re looking for ways to stay connected after your military service, maybe becoming a Blue Star Volunteer is for you.
Great. How do I know if my account was affected?
This concerns me very much. The possible breach of information is not only my ssn and dob but private health information that could be used against me. I want to be contacted by someone who can help delete my problem list from my medical record at the VA.
This is very weak response to a leak. There is the standard coverage of any proven financial loss that costs almost nothing. Where is the aggressive prevention or penalty for a loss of data that has been entrusted to an outside vendor? Is there a penalty clause in their contract? What are the consequences for allowing someone to take our data?
Eric G is correct: the UHG/CHC website is not secure. If you are inclined to trust them to monitor your credit for two years , your best bet is to call the phone number. Do not use the website.
How will I know if I’am a victim. Who will contact me, CHC or VA. I want to feel comfortable with the information I may receive.
Linda
When will my healthy vet be available again. A lot of veterans need help to access My Health Vet . On line !!! A lot of Older Veterans Have Trouble accessing or setting up my Healthy Vet. Some older Veterans don’t have a computer or can’t use one. They need help.
I tried to tell the VA I didn’t want my information added to online data. They told me that medical records are going digital and there was nothing I could do about it. They told me my information would be safe. I told them they were wrong and that when someone in the future is able to get ahold of my data that the VA would be responsible for HIPPA violations. They told me it would never happen and now we find out they were never in charge of the data to begin with. Another HIPPA violation. Veterans should be given the choice to have their records online or hard paper copy. The VA also told me that having my records digital would allow for continuity of care across the VA system, yet every time I move and go to a new VA I have to start all over from square one telling the doctor everything that has been wrong with me from the time I entered the military till present. The VA is good at one thing, protecting itself through obfuscation and denial. This was foreseeable and preventable but why would the VA ever listen to their patients?
Yep! I agree with you! I am now blind, and I’m tired of being referred to going online when I just barely started being able to somewhat do things online after seven years of being blind! But anyway… I hope there’s a class action lawsuit that we can all partake in because of this crap!
It is not HIPPA violation it is HIPAA (Health Insurance Portability Accountability Act)
Agree with pissed off vet
Going digital is safe???!!! Worst decision ever to go digital. How many times must we read the news and hear of another company getting hacked? Yet the VA didn’t seem to care enough or to be proactive enough to check their vendor that keeps all VA medical records to see how they are protecting the information of millions of vets. The VA is great at being reactive AFTER an issue such as this takes place even when they know they could be a target of this kind of thievery.
Status quo!
I have heard that Change’s problem stemmed from not using dual verification of requests. That’s a training problem, no? I use it whenever available.
I sign in, get asked if I want a code sent by phone (yes), then enter that code to complete sign-in.
These types of issues have been known to be happening FOR A LONG TIME. It truly sad that sites that host valuable information HAVE NOT TAKEN PRECAUTIONS!!!!! While not necessarily easy, is something that can be accomplished, Amongst other methods, the machined that host personal information should not be accessible through the public internet. Such information should only be available to internal sites. Yes, these are simple thoughts. That said, it is a basis for making systems secure…
You wouldn’t tell us even if you knew. More government hocus pocus. Whamo it’s fixed. Don’t worry, be happy. Right
So, when attempting to visit the cited website at:
the dedicated UHG/CHC website,
my browser stopped me from going there, informing me that the URL doesn’t support https. I’m very disappointed that ANY external links do not support https. I understand you’re not responsible for cited external links, I feel the least you could do is validate them before publication.
[Editor: I personally verified every link in the story prior to publishing. And again just now. They all work.]
The only accurate information in this story that’s 100 per cent true:
“VA is not responsible”.
Soooo….our government can maintain Top Secret/SCI and higher confidential information better than they can veterans’ PII that served, fought for, and potentially got disabled for our country…..yet they don’t think logically with common sense and conduct due diligence to confirm they have legitimately secured the vulnerable PII of our veterans to ensure they don’t become victims of identity theft / fraud….which I’m one of them and have had my identity stolen at least twice now…..remember the OPM hack by China…..and now this….. ?♂️
I told the 23rd. Street VA that my information was hacked and that my SS number was compromised. and who sent me to this outside MRI clinic THE VA. The 23rd street VA can care LESS.