200K Veterans’ Medical Records May Have Been Stolen

| May 12, 2021

If the gas pipeline hack wasn’t enough, now a database of veteran’s medical records may have been compromised by hackers.

200K Veterans’ Medical Records May Have Been Stolen by Ransomware Gang

Analyst finds ransomware evidence, despite a contractor’s denial of compromise.

A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers.

The VA for it’s part said that the evidence may point to internal security work rather than a cyberattack.

The files were first discovered on April 18 by researcher Jeremiah Fowler, who found the database sitting exposed online without even basic password protection. Fowler said the files made several references to United Valor Solutions. United Valor is a North Carolina-based company which “provides disability evaluation services for the Veterans Administration and other federal and state agencies,” according to its site.

Analyst Found Ransomware Evidence, Contradicting Contractor

The exposed data included patient names, birth dates, medical information, contact information and even doctor information and appointment times, all of which could be used in socially engineered attacks, Fowler explained. The database also exposed unencrypted passwords and billing details.

“The database was set to open and visible in any browser (publicly accessible) and anyone could edit, download or even delete data without administrative credentials,” Fowler said about his findings.

They found a message in the dataset.

Ransomware Demand Detected In Dataset

“The dataset also contained a ransomware message titled “read_me” that claimed all of the records were downloaded and they would be leaked unless 0.15 Bitcoin ($8,148) was paid,”

Forgive me for saying so, but $8K isn’t much for such an elaborate crime.  Maybe they were hoping it was just small enough that it was worth paying?

Now, in addition to me paying five dollars a gallon for gas soon, everyone will know when I got my vasectomy. *sigh*

Category: "Teh Stoopid"

22 Comments
Inline Feedbacks
View all comments
KoB

’bout a mute point these days. Every piece of personal info about everybody is out there, somewhere. Ma Bell pounded it into everybody’s heads, including all of the contractors we had working for us on IT Security…and they’d still eff up.

Computers…The Mark of The Beast.

26Limabeans

“bout a mute point these days. Every piece of personal info about everybody is out there, somewhere”

And has been for a long, long time.
The only thing new is “access” and that doesn’t seem
to be much of a barrier these days.

TDG

Moot means unimportant or not worth talking about. Mute means completely silent. Moot and mute might seem like similar words at first glance, but they are pronounced differently. Mute rhymes with cute, whereas moot rhymes with boot.

Respectfully,
The Grammar Gunny

26Limabeans

Double entendre.
You will see a lot of it here.

timactual

Shouldn’t that be “double intendre”?

Heh.

11B-Mailclerk

The iron law of un-entendre consequences.

KoB

“mute” as in I don’t want to hear it here, because they’re pissing me off with their ramblings from over there. (See what I did there, dear and I don’t mean deer as in venison?) 😛 Also mute as in rhymes with cute, because…well…according to Lady Friend…I am…and can cook too…being a moot point when I’m wearing my boots, ’cause I can make some kickin’ grub. 😉 😀

26Limabeans

“being a moot point”

One of my beloved retrievers was named
Moot Point Sans Peur.
You can read an awful lot into that name and
every bit of it would be true.
I called him “Moo” for short.

MI Ranger

Grammar Secretary,
I thought moot means not relevant to the discussion? I seem to recall a Jesse Jackson skit on Saturday Night Live “The Question is Moot” where he made this very clear!

26Limabeans

I’ve always considered the word to mean “debatable”.

KoB

The Gol’durned Germans ain’t got nothin’ to do with it!

5JC

Thats ok they already gave away all of my PID in the PERSCOM hack back in 2014. Not long after that someone tried to raid my kids College Savings plans. I really wished someone in the Federal Government GAF about hacking and established and actual central agency responsible for protecting the country. We get raped every day and they really dont care.

CWORet

Yep, same here. Wife’s too. My medical records are pretty much ‘meh’ at this point. What else could they actually gain. Just looking for the ransom I think. Speaking of which, in the D of the C, https://www.nbcnews.com/tech/security/hackers-release-personal-info-22-dc-police-officers-rcna897 looks like the PoPo has even countered an offer to pay 100k of the 4mil demanded.That’s real good. Negotiate with the criminals. That’ll stop ’em.

5JC

This is some fascinating stuff here:

https://spectator.us/topic/anthony-fauci-who-nih-coronavirus-lab-wuhan-institute-virology/

I can’t vouch for any of it’s validity but it is an intriguing read.

Only Army Mom

Interesting but incomplete. The Wuhan bsl-4 lab was not deemed to meet sufficient protocols by the WHO. In response, the CCP, with the help of NIH and CDC penned “proof” they were, in fact, up to snuff in 2019. The CCP charged it was racism, First-world imperialism, etc., that prevented their receiving acknowledgment of their bsl-4.

These are a few of the reasons I firmly believe this was lab-created, either out of hubris or as a weapon. I equally firmly believe the eventual history books will call this correctly – an act of war by China against the First World, the success of which was assured by the greed of bought First World politicians and ignorance of First World masses.

The first article, penned originally in 2020 said the Wuhan lab had initially classed the virus as “B”, but “will institute Class A” – note future tense, long after the…leak?
(https://www.livescience.com/china-lab-meets-biosafety-levels-new-coronavirus.html).

The second article, (https://wwwnc.cdc.gov/eid/article/25/5/18-0220_article)
penned in 2019 is the response to criticisms by the European community the Wuhan lab did not have sufficient safeguards, trained personnel, etc., to handle bsl-4. Go ahead and try to find those original criticisms. I read them over a year ago but even with access to advanced databases, I can’t find any of them.

Wireman611

These hackers really need to be tracked down and shot in the face multiple times and then left there pour encourager Les autres.

Roh-Dog

Blood Thirsty Infantry Lord, please let this be used by black clad morons as a hit list, may I be the first and last. Make my aim true and bless Your servants’ freedom pills, oh Warrior God!

Dustoff

Great. As a customer of the VA, they ‘res someone out there that knows Dustoff has GERD and avascular necrosis in my left hand.

tshe

May as well start admitting your medical conditions here. It takes the power away when it is posted online.

I still wet to bed. There, I said it.

5JC

Priapism, but it is untreated. Makes shopping at the commissary challenging when the older widows keep hitting on you.

timactual

“…everyone will know when I got my vasectomy. *sigh*”

Service connected?

timactual

Which reminds me of the time I almost gave myself a vasectomy with an improperly secured K-Bar. A “line of duty” injury, of course.

You would think that after seeing all the nasty crap they do in a combat zone medics would have pretty tough skins. Amazing how squeamish they were when confronted with a mere “lacerated testicle”. Stick their hand in someone’s guts–no problem; examine a testicle–no touchee.

Hell, I’m still surprised that nobody laughed. I still do. No worries, though, I am still “intact”.

Which in turn reminded me of a song I heard in my youth; “One Balled Reilly”.

http://sniff.numachi.com/pages/tiREILLY2%3bttREILLY1%3bttREILLY2.html
(The few words I still remember are somewhat different.)