BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

VA investigating security breach of veterans' medical data

From: security curmudgeon <jericho () attrition org>
Date: Thu, 11 Mar 2010 21:13:16 +0000 (UTC)

[Given the date and description, this sounds like a new / different VA
  incident - jericho]

http://www.nextgov.com/nextgov/ng_20100309_9888.php

VA investigating security breach of veterans' medical data
By Bob Brewin 03/09/2010

The Veterans Affairs Department's inspector general has launched a 
criminal investigation into a physician assistant's alleged downloading of 
veterans' clinical data at its Atlanta medical center, sources have told 
Nextgov.

The assistant allegedly recorded two sets of patient data on to a personal 
laptop for research purposes. One set included three years' worth of 
patient data and another held 18 years of medical information, according 
to a source familiar with the incident and who asked not to identified.

Roger Baker, VA's chief information officer, commented on an item about 
the incident that was posted Monday evening on a Nextgov blog that the 
physician assistant's laptop was never connected to the VA network and any 
data she recorded on her laptop was "hand entered."

But the source told Nextgov the VA inspector general is investigating 
whether the assistant used two thumb drives to transfer the data to the 
laptop.

The department has not disclosed the number of patients involved in the 
incident, what kind of personal data was copied, or whether it plans to 
notify the veterans whose records were downloaded.

VA spokeswoman Katie Roberts said she cannot comment in detail on the 
Atlanta breach because it is under investigation. But in an e-mail, she 
stated, "VA is committed to protecting the privacy of veterans who have 
used our health care facilities. VA's Office of Inspector General is 
currently investigating a report that a former VA physician assistant 
stored unauthorized clinical data about patients at the Atlanta [VA 
medical center] on a personal laptop computer.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: