VA contractor computer with personal data stolen
By: Michael Hampton
Posted: August 7, 2006 9:13 pm
Share this story: del.icio.us reddit.com Newsvine
If you visited a Veterans Administration medical center in Philadelphia or Pittsburgh, Pa., anytime within the last four years, a VA contractor has just lost your personal information. Again.
The VA announced Monday that its contractor, Unisys, suffered a theft of a desktop computer from one of its offices which is believed to contain the names, addresses, Social Security numbers, insurance information and other medical data for as many as 38,000 people.
VA said Monday that it believes the records involved are limited to people who received treatment at those two Pennsylvania medical centers during the past four years. It is believed the desktop computer may have contained patients’ names, addresses, Social Security Numbers, dates of birth, insurance carriers and billing information, dates of military service, and claims data that may include some medical information.
Unisys notified VA Aug. 3 that the computer was missing from its Reston, Va., offices. VA immediately dispatched a team to Unisys to assist in the search for the missing computer and to help determine the precise nature of the information it may have contained.
Unisys had observed security controls, but there was not a requirement to encrypt the data, said Unisys spokeswoman Lisa Meyer.
“The building and floor where the computer was located require security protocols for physical access. Log-in and password protocols also were required to access the data, which were stored in a database on the computer,” she said.
“Unisys takes very seriously its responsibility to safeguard individuals’ personal information and shares the concerns this incident will cause,” the company said. It will also work with VA regarding the notification of potentially affected veterans and the offer of credit monitoring. — Government Computer News
Initial estimates released by the VA indicate the computer contained information on approximately 5,000 patients treated at Philadelphia, approximately 11,000 patients treated at Pittsburgh, and approximately 2,000 deceased patients. VA said it is also investigating the possibility that the computer may have contained information on approximately 20,000 other people who received care through the Pittsburgh medical center.
Unlike last time, when a VA employee’s laptop was stolen from his home and officials weren’t notified for three weeks of the largest data breach in government history, this time the VA actually notified all the top brass, including the Secretary and Deputy Secretary, various congressional offices and committees, VA’s Office of the Inspector General and other law enforcement authorities, including the Federal Bureau of Investigation and the Department of Homeland Security’s Computer Emergency Response Team.
“VA’s Inspector General, the FBI and local law enforcement are conducting a thorough investigation of this matter,” said Secretary of Veterans Affairs James R. Nicholson.
That laptop was recovered in June, and two men were arrested last weekend for the burglary. Officials believe none of the data had been accessed.
