Number of veterans whose personal information was put at risk nearly triples in a month

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.fiercegovernmentit.com/story/number-veterans-whose-personal-information-was-put-risk-nearly-triples-mont/2015-03-19


Between January and February, the number of veterans who had personal
information affected by data breaches nearly tripled, according to a new
report.

Last month, 891 veterans were affected, 770 in relation to protected health
information incidents, according to the Veterans Affairs Department's
monthly data breach report (pdf). The previous month's report (pdf) shows
that 310 veterans were affected and 242 incidents were related to health
information.

Some of the exposures resulted from mismailings by VA. For instance, one
case from Feb. 4 states that Patient A received a prescription intended for
Patient B because of a packing error at the Great Lakes Consolidated Mail
Outpatient Pharmacy.

"The CMOP employee will be counseled and retrained in proper packing
procedures," the report states.

On Feb. 10, a former VA employee acting as a whistleblower gave a reporter
a waitlist that included the last four digits of Social Security numbers,
clinic names, scheduled dates and possibly first and last names.

"The media used the list in reporting a story and had stated 'they have
redacted protected health information (PHI)' to protect the Veterans.
However, it is unknown when and who redacted the information and how many
unredacted lists could still be at large," the report states. "This
incident occurred in the Sleep Clinic, a clinic which previously had two
missing laptops this year. It is unknown if this is related, but it is
possible."

The latest report also states that more than 4.3 million intrusion attempts
were blocked, more than 930 million malware attacks were blocked or
contained, and about 68.3 million suspicious or malicious email messages
were blocked.

Moreover, the number of mishandled incidents rose from 92 in January to 118
in February, although the number of lost and stolen devices fell from 45 to
36.

VA has been plagued by data breaches in recent years. As a result, the
department is required to submit IT security reports to Congress.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!