BreachExchange mailing list archives

VA investigating new data breach


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 16 Mar 2010 02:15:40 -0400

http://www.federaltimes.com/article/20100311/IT01/3110306/1018/DEPARTMENTS

The Veterans Affairs Department is investigating reports that a former
VA physician's assistant stored unauthorized personal patient data on
a personal laptop.

The data breach occurred at the Atlanta Veterans Affairs Medical
Center, VA spokeswoman Katie Roberts said. In a written statement,
Roberts said protecting patient privacy is one of VA's top priorities.

"VA's Office of Information and Technology is trying to gather more
details about the circumstances, including the number of veterans
whose information was involved and the nature of the information
affected. The results of the investigation and analysis will help
determine whether to send notifications and offers of credit
protection services to the affected veterans," Roberts wrote.

NextGov first reported the breach, and VA's Chief Information Officer
Roger Baker posted comments on the Web site clarifying how the
employee copied patients' personal data. VA officials declined to make
Baker available for comment.

"The employee in question was never able to connect her unencrypted
laptop to the VA network. Port-blocking technologies are enforced in
Atlanta, and she was denied access. Thus, no 'downloading' of
information ever occurred. Any information existent on the personal
laptop was hand-entered, and as you point out this violates all kinds
of policies and training at the VA," Baker wrote.

This isn't the first high-profile data breach at VA. In 2006, a VA
data analyst downloaded 26.5 million records onto his laptop, which
was later stolen. The laptop was recovered, and analysts said none of
the personal information it contained was compromised. VA expanded its
data security programs, encrypting all of its laptops and educating
employees on data protection.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
