A home telehealth services vendor is being blamed for a data breach that could have exposed more than 7,000 veterans to identity theft.
According to Federal News Radio, a spokesman for the Department of Veterans Affairs said a potential flaw in a database managed by the unidentified vendor may have exposed personal information on the veterans. The VA was notified of the potential breach on November 4.
"An investigation was immediately initiated and security scans were conducted by VA, which confirmed the concern," the spokesman told the news station. "The contracted vendor has assured VA that only vendor staff and VA staff had accessed this information. The security flaw in the vendor database was immediately corrected and VA continues to closely monitor the application."
[See also: Top 10 mHealth News stories of 2014.]
VA officials said more than 690,000 veterans have taken advantage of the national telehealth program, which includes the My HealtheVet portal, and 7,054 veterans were listed in the affected database. The flaw, officials said, could have exposed their names, date of birth, address, phone number and VA patient identification number.
VA officials have said the agency is adding $60 million to its 2015 budget to address cybersecurity issues, but Congress has been asking for more information in the wake of a series of safety concerns. Last January, for instance, the VA's eBenefits system was hacked.
In September, VA officials praised the telehealth program for reducing the number of days that veterans spent in the hospital by 58 percent and saving the agency roughly $2,000 per patient.
Related articles:
VA poised to ramp up telehealth in 2015
mHealth masters: Steven Steinhubl on cutting edge of wearable sensor technology
