Montana VA Health Care System recently began notifying 1,501 patients that their personal data was exposed through a ransomware attack on the Department of Veterans Affairs' former billing and collections contractor Benefit Recovery Specialists, Great Falls Tribune reports.
The Fort Harrison-based health system was notified of the data incident on June 4 by BRS, which discovered the Maze ransomware attack on April 30. Through the attack, an unauthorized user accessed the Houston-based company's computer systems using employee credentials to deploy the malware, and then gained access to certain BRS customer files containing personal information between April 20-30.
The billing and collections company reported the incident to HHS on June 26 as affecting a total of 274,837 individuals, which included the 1,501 from Montana.
Veterans Health Administration files containing personal information provided to BRS as part of VA's prior contracts were among those the unauthorized user had access to. Patient information exposed included full names, Social Security numbers and facility details.
VA said it began working on the incident to identify those affected and the type of data involved as soon as they were notified in June. The department is offering a free annual credit report and free crediting monitoring to the patients affected by the security breach.