Deja vu all over again at Veterans Administration
Another breach for an agency that's prone to them
Computerworld - In what's become a fairly familiar routine for them of late, the U.S. Department of Veterans Affairs is investigating a potential data breach -- the theft of three computers containing personal data on potentially 12,000 individuals.
Two desktop PCs and one laptop containing that data were stolen from a VA medical facility in Indianapolis -- ironically enough, on Veterans Day. The records belong to patients who were treated at the hospital and include Social Security numbers and other personally identifiable information.
"It appears from this most recent breach that there are still some in the VA, even some responsible for the security of such data, who don't realize the importance of the security of the names and data of our veterans," U.S. Rep. Steve Buyer (R-Ind.) said in a prepared statement.
According to Buyer, the VA notified his office of the breach on Thursday and is working to ascertain the names and data of the people who might have been affected by the theft.
Buyer was the chairman of the House Committee on Veterans' Affairs until the Democrats took control of Congress last year. As chairman, he held 16 hearings on IT issues at the VA, eight of which were specifically on security. The hearings were designed to identity the issues that led to the loss of a laptop and hard disk containing personal data on more than 26.5 million veterans in May 2006.
That incident led to a sweeping overhaul of the VA's IT organization and more direct power being bestowed on the office of the CIO to make needed security changes.
"It is inexcusable that the VA repeatedly fails to comply with its own policy to safeguard veterans' personal information," Buyer said in his statement. He added that the agency needs to provide full credit monitoring to all those affected by the latest breach.
The theft at the Richard L. Roudebush VA Medical Center in Indianapolis is the latest in a string of similar incidents that have occurred at the VA before and after the massive data breach brought the agency's security shortcomings to light.
Last January, an IT specialist at a VA medical center in Birmingham, Alabama, reported as missing (download PDF) a hard disk containing personal data on more than 250,000 veterans and an additional 1.3 million medical providers.
In August of last year, at the height of the uproar over the May breach, the VA disclosed that Unisys Corp., a subcontractor hired to assist in insurance collections for VA medical centers in Pittsburgh, had reported a missing computer containing personal data on over 16,000 veterans.
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!