More VA Data Is Stolen, This Time From Subcontractor Unisys - InformationWeek
Software // Enterprise Applications
05:45 PM

More VA Data Is Stolen, This Time From Subcontractor Unisys

It's different than the last VA computer theft: It involves far fewer names, and the VA has moved quickly to spread the word.

After spending the past few months getting an earful from angry veterans and posturing politicians, the Veterans Affairs Department thought it might begin to distance itself from the stigma of May's stolen laptop and hard drive containing sensitive information about millions of veterans and their spouses. Not so. Veterans Affairs Monday delivered cringe-inducing news that a PC containing personal information on thousands of veterans is missing from a Unisys office.

The VA hired subcontractor Unisys to assist in insurance collections for the department's medical centers in Pittsburgh and Philadelphia. On Aug. 3, Unisys informed the VA that a computer was missing from its Reston, Va., offices. According to VA officials, information on the desktop computer was password protected but was not encrypted. The VA's initial estimates indicate that the computer contained information on about 5,000 patients treated in Philadelphia, 11,000 patients treated in Pittsburgh, and 2,000 deceased patients. The VA is also investigating the possibility the computer may have contained information on another 20,000 people who received care through the Pittsburgh medical center.

That pales in comparison with the laptop theft that took place in May and included 26.5 million records. The VA issued a statement Monday saying it believes the desktop computer may have contained patients' names, addresses, Social Security numbers, dates of birth, insurance carriers and billing information, dates of military service, and claims data that may include some medical information.

The VA said this time around it alerted Secretary James Nicholson as well as the department's deputy secretary, certain congressional offices and committees, the VA Office of the Inspector General, the FBI, and the Homeland Security Department's Computer Emergency Response Team. The VA took a lot of heat after the last theft because Nicholson said he didn't find out about the missing laptop until weeks after the crime.

"VA is making progress to reform its information technology and cyber security procedures, but this report of a missing computer at a subcontractor's secure building underscores the complexity of the work ahead as we establish VA as a leader in data and information security," Nicholson said in a statement.

After several hearings lambasting the VA's lack of organization and inadequate security measures, Congress' reaction has been a bit more circumspect so far in reaction to this latest theft. "We clearly appear to have a systems problem with VA data security that needs to be fixed," Sen. Larry Craig (R-Idaho), who chairs the Senate oversight committee on veterans' issues, said in a prepared statement. "Since it was a private contractor involved, I expect VA to hold the contractor financially responsible for any costs that veterans may incur as the result of this loss."

The news isn't all bad for the VA. Over the weekend Montgomery County, Md., police arrested two 19-year-olds for the original laptop and hard drive theft. A third person, a juvenile, also is being held in custody.

Both of the 19-year-olds were charged with first-degree burglary and theft over $500. The Hewlett-Packard HPZV5360 laptop and HP PC170 external hard drive were recovered on June 28 after the U.S. Park Police received information about the computer equipment's whereabouts. Police say the suspects did not know the laptop and hard drive contained sensitive government information until after a reward was posted for their return.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll