“UPDATE
A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers.”
“The VA for its part said that the evidence may point to internal security work rather than a cyberattack.
The files were first discovered on April 18 by researcher Jeremiah Fowler, who found the database sitting exposed online without even basic password protection. Fowler said the files made several references to United Valor Solutions. United Valor is a North Carolina-based company which “provides disability evaluation services for the Veterans Administration and other federal and state agencies,” according to its site.”
“Analyst Found Ransomware Evidence, Contradicting Contractor
The exposed data included patient names, birth dates, medical information, contact information and even doctor information and appointment times, all of which could be used in socially engineered attacks, Fowler explained. The database also exposed unencrypted passwords and billing details…” Read the full post here.
Source: 200K Veterans’ Medical Records May Have Been Stolen by Ransomware Gang – By Becky Bracken, May 11, 2021. Threatpost.
