Department of Veterans Affairs takes action following ransomware incident to protect veterans’ information

Richmond, Virginia – In response to a ransomware incident reported earlier this year, the Department of Veterans Affairs (VA) has outlined the steps taken to ensure the safety of veterans’ personal information and prevent future occurrences. The incident was first reported by Change Healthcare, a company responsible for processing medical insurance claims related to healthcare services.

Immediate Response to the Incident

“This incident was a ransomware attack that we’ve seen throughout the healthcare sector,” said Lynette Sherrill, VA’s deputy assistant secretary for information and security and CIS officer, during a June 25 news conference. Once Change Healthcare notified the VA of the incident on February 21, the department immediately disconnected all networks associated with the company and conducted a thorough search for “irregularities or malicious activity and found none,” Sherrill explained.

Despite these efforts, the disconnection temporarily disrupted several VA services, including inbound prescription orders, the record-locator system, and some picture archiving and communication systems. Clearinghouse services that support community-care claims, revenue operations, and payment processing were also affected. While most of these services have since been restored, some disruptions remained.

Efforts to Restore Services

Ian Komorowski, VA’s executive director for strategic investment management, provided an update on the progress made to address the disruptions. Initially, the prescription backlog reached one million, but efforts to alleviate the situation have been effective, and it is expected to be fully cleared by August. Additionally, funding for approximately 35,000 electronically submitted claims disrupted by the incident should be received from insurance providers by October.

Komorowski noted that while some 6 million invoices from VA’s third-party administrators were paused for about 10 weeks, this did not affect payments to vendors or services to veterans. Providers continued to be paid by the administrators, though the VA still needed to compensate the administrators. Some providers that contract directly with the VA experienced difficulties making electronic submissions for five to seven weeks. This issue has since been resolved, with 91 percent of all claims now paid in full. A complete restoration of services is anticipated by February.

Future Prevention Measures

The VA is committed to ensuring such incidents do not recur and to safeguarding veterans’ personal information. The department’s swift response and ongoing efforts to restore disrupted services demonstrate its dedication to maintaining the security and integrity of its systems.

For more information about the VA’s actions and updates on the restoration process, please visit the Department of Veterans Affairs website or contact their information security office.