Missing Hard Drive Holds Sensitive Data On 535K Vets, 1.3M Doctors
The Department of Veterans Affairs issues an update on its investigation into the January loss of a hard drive. The employee who lost it is on administrative leave.
The Department of Veterans Affairs announced that a hard drive that went missing last month actually may contain sensitive information on about 535,000 veterans, along with 1.3 million doctors.
The VA employee who had been issued the missing computer has been placed on administrative leave pending the outcome of the investigation.
Earlier this month, the VA, which has been plagued by lost computers in recent years, revealed that in late January an employee at the Birmingham, Ala., VA Medical Center reported an external hard drive missing. That drive, said the worker, may have contained veterans' personal files, some of which may have been stored on the drive in unencrypted form.
Rep. Spencer Bachus, R-Ala., whose district surrounds Birmingham, said at the time of the initial announcement that as many as 48,000 veterans' records were on the drive, and as many as 20,000 weren't encrypted.
This week, the VA issued an update.
The VA's Office of Inspector General has been investigating the loss and announced it has determined that data files the employee was working with may have included sensitive VA-related information on about 535,000 people. The investigation also has found that information on about 1.3 million non-VA physicians -- both living and dead -- could've been stored on the missing hard drive as well. While VA officials say they believe most of the physician information is readily available to the public, some of the files may contain sensitive information.
In a statement on its Web site, the VA said it continues to examine data on the employee's work computer. Agency officials don't have any information at this point that the data has been misused.
"The VA will continue working around the clock to determine every possible detail we can," said Jim Nicholson, secretary of Veterans Affairs, in a written statement. "I am concerned and will remain so until we have notified those potentially affected and get to the bottom of what happened."
Now begins the arduous process of notifying people whose sensitive information may have been on the hard drive, according to the online announcement. The agency also is making arrangements to provide one year of free credit monitoring to them.
"The VA is unwavering in our resolve to bolster our data security measures," said Nicholson. "We remain focused on doing everything that can be done to protect the personal information with which we are entrusted."
In May, the VA said a laptop and hard drive containing 26.5 million personal records of current and former members of the military were stolen and that the identities were at risk for fraud. Although the hardware was later recovered, the incident led to a revamping of VA rules concerning information storage and use.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.