pc theft

Paper records results to most VA data breaches

August 12th, 2013

According to Stephen Warren, VA Acting Assistant Secretary for Information and Technology, paper based records are the leading cause of data breaches at the Department of Veterans Affairs.

Warren briefed stated that up to 98 percent of data breach incidents still continue to involve “physical paper”, whereas the theft of patent information contained in electronic devices is very rare and steady now.

Problematic paper records include documentation misplaced, mishandled or improperly mailed by agency employees – such mistakes takes place hundreds of times every month, as suggested by VA’s data breach report over the three-month period. Vetran’s personal information such as Social Security numbers, address, compensation and pension claim ratings is exposed publicly.

Warren said instances where veterans’ information is not kept private are undesirable, but he said that the error rate of VA is very low considering its large number of patients. It has the best error rate in the health care industry for mishandling and it sends millions of packages per month. Patients that experience privacy issues are frequently offered credit protection services from VA.

Warren said “We are constantly reinforcing the fact” that health care matters, emphasizing that every data breach report is investigated and analyzed. In 2008, The VA’s Data Breach Core Team was created, in order to review monthly data breaches they make use of key players in several of the department’s components, assessing risk based on National Institute of Standards and Technology-developed standards.

During this three month period, most data breach incidents were rates as low risk, none were classified as high risk.

Six personal computers and 27 laptops were reported missing between April and June, three of which were not encrypted. Based on the reports, the stolen or misplaced electronic devices did not have access to VA’s network, so it does not appear that private information, with the potential exception of the names of some veterans, was compromised.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta