DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

VA sending letter to 1,501 Montana vets about business associate ransomware incident

Posted on July 24, 2020 by Dissent

The Great Falls Tribune reports:

The U.S. Department of Veterans Affairs Veterans Health Administration on Thursday announced actions taken to protect veterans’ personal information following a recent privacy breach involving files from the Montana VA Health Care System.

Officials said they were notified June 4, by former contractor Benefits Recovery Specialists Inc. of “a data incident involving VHA files from the Montana VA Health Care System.”

Read more on the Great Falls Tribune. It is not clear from their reporting whether the VA terminated its contract with BRSI as a result of this breach or not.

Last month, BRSI disclosed that it had discovered malware or malicious software on April 30 and that the threat actors may have begun accessing or exfiltrating data on April 20. In their notification, BRSI was not specific about the type of malware, but the Great Falls Tribune report notes that it was Maze ransomware.

The BRSI incident does not appear to be listed on the Maze ransomware leak site.  DataBreaches.net sent an inquiry to the Maze operators to inquire about whether this was their attack, and will update this post if a response is received.

Unfortunately, 1,501 Montana VA patients are only a small piece of this incident. The BRSI incident was reported to HHS as impacting 274,837 patients.

Category: Breach IncidentsCommentaries and AnalysesHealth DataMalwareOf NoteSubcontractor

Post navigation

← Ca: Employee charged in 407 ETR data breach involving 60,000 customers
Ongoing Meow attack has nuked >1,000 databases without telling anyone why →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Credit Control Corporation data allegedly from 9.1 million consumers listed for sale on forum
  • Copilot AI Bug Could Leak Sensitive Data via Email Prompts
  • FTC Provides Guidance on Updated Safeguards Rule
  • Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
  • Hackers Break Into Car Sharing App, 8.4 Million Users Affected
  • Cyberattack pushes German napkin company into insolvency
  • WMATA Train Operators Arrested in Health Care Fraud Scheme
  • Washington Post investigating cyberattack on journalists, WSJ reports
  • Resource: State Data Breach Notification Laws – June 2025
  • WestJet investigates cyberattack disrupting internal systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.