VA notifies 12,000 vets affected by data loss
Posted : Friday Nov 16, 2007 7:01:26 EST
The Department of Veterans Affairs is individually notifying about 12,000 veterans treated at the VA hospital in Indianapolis that they may be at risk for identity theft because of records inadvertently stored on a computer stolen Saturday.
The VA will offer credit protection and financial protection to everyone whose names, Social Security numbers and birthdates were stored on thestolen computer, said VA spokeswoman Jo Schuda.
Three computers, printers and other computer equipment were taken from the Roudebush VA Medical Center in Indianapolis in a theft discovered Monday that is believed to have occurred on Saturday, Schuda said. The VA inspector general and federal, state and local law enforcement are investigating, she said.
One of the stolen computers contained personal information on about 12,000 patients that was being used for billing purposes, Schuda said. Both inpatients and outpatients are affected.
Rep. Steve Buyer, R-Ind., the former chairman of the House Veterans’ Affairs Committee and the architect of VA computer security policies put into federal law, said sensitive information on veterans is supposed to be kept on servers, not on personalcomputers, to reduce the chances of a security breach.
Schuda said she was not fully aware of the security policy, but the civilian employee who had the data on her computer’s hard drive appeared to be unaware that it was even there until meeting with VA security employees to talk about what records might be missing.
Schuda said the hard drive containing the personal data was password-protected, but she did not know if the information was encrypted. VA security policies call for personal information stored on laptopcomputers and in portable storage devices to be encrypted. VA servers also have security to prevent intrusion and unauthorized use, but that did not appear to help in this case, where information pulled from the hospital’scomputer network was automatically saved on the desktop computer.
Schuda would not identify the worker, but a congressional source — speaking on the condition of anonymity — said the employee was someone in charge of compliance withcomputer security procedures, which makes the presence of the data on the computer hard drive even more disturbing.
Buyer, who pushed for changes after the VA lost personal information on more than 26 million people in May 2006, said he is “very upset” by the loss of the information. “Safeguarding personal information is very important,” he said.
“I recognize that things cannot be fixed right away, and that it make take two or three years to change the system, but the VA needs to know there are potentially serious implications,” Buyer said. “I also recognize that given the involvement of humans, laptopcomputers are going to be left in planes, in hotels and in taxis, and that people are going to try to steal them. That is why we need to have a security policy that works.”
Related reading:
Posts
No comments:
Post a Comment