United States Department of Veterans Affairs

Dorn VA medical center may have suffered data breach

September 9th, 2014

The Dorn Veterans Administration Hospital may have suffered data breach after officials recently came to know that several boxes with patients’ information had gone missing. According to the reports, four boxes of pathology reports that were stored in a locked area are not present in the desired place.

“We are contacting our Veterans who may have been impacted,” Medical Center Director Timothy McMurry said in a statement. “For we take the loss of personal information very seriously.”

Details of the boxes are –

  • Records in question are only from the years 1999, 2000, and 2002
  • Patients’ names, Social Security numbers (SSNs) and pathology reports are included in the missing files
  • 2,000 patients may have had their personal information compromised

Dorn officials came to know about the missing boxes when they planned moving them in long term storage facility. Officials believe that till date no information is being misused however they mentioned that one year of free credit monitoring is available to veterans who are notified in writing. This is not the first time that Dorn found itself face-to-face with a security issues, earlier unprotected laptop was stolen. According to the reports, patient names, birth dates, weight, race, respiratory test results and partial Social Security numbers (last four digits) were all included on the pulmonary testing lab laptop. Till date, laptop is not recovered.

Paper records results to most VA data breaches

August 12th, 2013

According to Stephen Warren, VA Acting Assistant Secretary for Information and Technology, paper based records are the leading cause of data breaches at the Department of Veterans Affairs.

Warren briefed stated that up to 98 percent of data breach incidents still continue to involve “physical paper”, whereas the theft of patent information contained in electronic devices is very rare and steady now.

Problematic paper records include documentation misplaced, mishandled or improperly mailed by agency employees – such mistakes takes place hundreds of times every month, as suggested by VA’s data breach report over the three-month period. Vetran’s personal information such as Social Security numbers, address, compensation and pension claim ratings is exposed publicly.

Warren said instances where veterans’ information is not kept private are undesirable, but he said that the error rate of VA is very low considering its large number of patients. It has the best error rate in the health care industry for mishandling and it sends millions of packages per month. Patients that experience privacy issues are frequently offered credit protection services from VA.

Warren said “We are constantly reinforcing the fact” that health care matters, emphasizing that every data breach report is investigated and analyzed. In 2008, The VA’s Data Breach Core Team was created, in order to review monthly data breaches they make use of key players in several of the department’s components, assessing risk based on National Institute of Standards and Technology-developed standards.

During this three month period, most data breach incidents were rates as low risk, none were classified as high risk.

Six personal computers and 27 laptops were reported missing between April and June, three of which were not encrypted. Based on the reports, the stolen or misplaced electronic devices did not have access to VA’s network, so it does not appear that private information, with the potential exception of the names of some veterans, was compromised.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta