The Department of Veterans Affairs announced that a hard drive that went missing last month actually may contain sensitive information on about 535,000 veterans, along with 1.3 million doctors.
The VA employee who had been issued the missing computer has been placed on administrative leave pending the outcome of the investigation.
Earlier this month, the VA, which has been plagued by lost computers in recent years, revealed that in late January an employee at the Birmingham, Ala., VA Medical Center reported an external hard drive missing. That drive, said the worker, may have contained veterans' personal files, some of which may have been stored on the drive in unencrypted form.
Rep. Spencer Bachus, R-Ala., whose district surrounds Birmingham, said at the time of the initial announcement that as many as 48,000 veterans' records were on the drive, and as many as 20,000 weren't encrypted.
This week, the VA issued an update.
The VA's Office of Inspector General has been investigating the loss and announced it has determined that data files the employee was working with may have included sensitive VA-related information on about 535,000 people. The investigation also has found that information on about 1.3 million non-VA physicians -- both living and dead -- could've been stored on the missing hard drive as well. While VA officials say they believe most of the physician information is readily available to the public, some of the files may contain sensitive information.
In a statement on its Web site, the VA said it continues to examine data on the employee's work computer. Agency officials don't have any information at this point that the data has been misused.
"The VA will continue working around the clock to determine every possible detail we can," said Jim Nicholson, secretary of Veterans Affairs, in a written statement. "I am concerned and will remain so until we have notified those potentially affected and get to the bottom of what happened."
Now begins the arduous process of notifying people whose sensitive information may have been on the hard drive, according to the online announcement. The agency also is making arrangements to provide one year of free credit monitoring to them.
"The VA is unwavering in our resolve to bolster our data security measures," said Nicholson. "We remain focused on doing everything that can be done to protect the personal information with which we are entrusted."
In May, the VA said a laptop and hard drive containing 26.5 million personal records of current and former members of the military were stolen and that the identities were at risk for fraud. Although the hardware was later recovered, the incident led to a revamping of VA rules concerning information storage and use.