Computerworld - In what's become a fairly familiar routine for them of late, the U.S. Department of Veterans Affairs is investigating a potential data breach -- the theft of three computers containing personal data on potentially 12,000 individuals.
Two desktop PCs and one laptop containing that data were stolen from a VA medical facility in Indianapolis -- ironically enough, on Veterans Day. The records belong to patients who were treated at the hospital and include Social Security numbers and other personally identifiable information.
"It appears from this most recent breach that there are still some in the VA, even some responsible for the security of such data, who don't realize the importance of the security of the names and data of our veterans," U.S. Rep. Steve Buyer (R-Ind.) said in a prepared statement.
According to Buyer, the VA notified his office of the breach on Thursday and is working to ascertain the names and data of the people who might have been affected by the theft.
Buyer was the chairman of the House Committee on Veterans' Affairs until the Democrats took control of Congress last year. As chairman, he held 16 hearings on IT issues at the VA, eight of which were specifically on security. The hearings were designed to identity the issues that led to the loss of a laptop and hard disk containing personal data on more than 26.5 million veterans in May 2006.
That incident led to a sweeping overhaul of the VA's IT organization and more direct power being bestowed on the office of the CIO to make needed security changes.
"It is inexcusable that the VA repeatedly fails to comply with its own policy to safeguard veterans' personal information," Buyer said in his statement. He added that the agency needs to provide full credit monitoring to all those affected by the latest breach.
The theft at the Richard L. Roudebush VA Medical Center in Indianapolis is the latest in a string of similar incidents that have occurred at the VA before and after the massive data breach brought the agency's security shortcomings to light.
Last January, an IT specialist at a VA medical center in Birmingham, Alabama, reported as missing (download PDF) a hard disk containing personal data on more than 250,000 veterans and an additional 1.3 million medical providers.
In August of last year, at the height of the uproar over the May breach, the VA disclosed that Unisys Corp., a subcontractor hired to assist in insurance collections for VA medical centers in Pittsburgh, had reported a missing computer containing personal data on over 16,000 veterans.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
