BreachExchange mailing list archives
VA investigating new data breach
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Tue, 16 Mar 2010 02:15:40 -0400
http://www.federaltimes.com/article/20100311/IT01/3110306/1018/DEPARTMENTS The Veterans Affairs Department is investigating reports that a former VA physician's assistant stored unauthorized personal patient data on a personal laptop. The data breach occurred at the Atlanta Veterans Affairs Medical Center, VA spokeswoman Katie Roberts said. In a written statement, Roberts said protecting patient privacy is one of VA's top priorities. "VA's Office of Information and Technology is trying to gather more details about the circumstances, including the number of veterans whose information was involved and the nature of the information affected. The results of the investigation and analysis will help determine whether to send notifications and offers of credit protection services to the affected veterans," Roberts wrote. NextGov first reported the breach, and VA's Chief Information Officer Roger Baker posted comments on the Web site clarifying how the employee copied patients' personal data. VA officials declined to make Baker available for comment. "The employee in question was never able to connect her unencrypted laptop to the VA network. Port-blocking technologies are enforced in Atlanta, and she was denied access. Thus, no ‘downloading' of information ever occurred. Any information existent on the personal laptop was hand-entered, and as you point out this violates all kinds of policies and training at the VA," Baker wrote. This isn't the first high-profile data breach at VA. In 2006, a VA data analyst downloaded 26.5 million records onto his laptop, which was later stolen. The laptop was recovered, and analysts said none of the personal information it contained was compromised. VA expanded its data security programs, encrypting all of its laptops and educating employees on data protection. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- VA investigating new data breach Jake Kouns (Mar 17)