RSS
VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data
from the the-ministry-of-data-leaks dept
When we last checked in with the Veterans Administration (VA) it was to suggest that it rename itself the "Ministry of Data Leaks." That's because every year or so they admit that they've lost a computer that happens to contain unencrypted personal data on VA members. And, each report seems to get worse than the previous one. So you would think that, by now, the VA would have at least put in place some system to encrypt and protect the data it stores. That would be wishful thinking. It's now come out that the VA has had two major data breaches in just the last month -- both involving laptops that had unencrypted data.
Of course, this comes after those earlier breaches cost taxpayers tens of millions of dollars in notifications and in response to a class action lawsuit, leading Congress to require the VA to encrypt its data. Apparently, the VA didn't bother to actually follow through on that requirement. Congress is now investigating again, with the following statement from Rep. Steve Buyer in kicking off the investigation:
Of course, this comes after those earlier breaches cost taxpayers tens of millions of dollars in notifications and in response to a class action lawsuit, leading Congress to require the VA to encrypt its data. Apparently, the VA didn't bother to actually follow through on that requirement. Congress is now investigating again, with the following statement from Rep. Steve Buyer in kicking off the investigation:
"I attribute the continued lack of security to poor memory among VA's senior management, and its failure to realize the magnitude of the problem that could have been prevented," Buyer writes. "This is an inexcusable abrogation of responsibility that would not be tolerated in any private company. Veterans and American taxpayers expect a higher standard from the VA...."Not that I expect a Congressional investigation to be very effective, but at some point you have to wonder what folks at the VA are thinking.
I have a business...
Why and How Developers Use Mobile Payments: Infographic
The Future Of Commerce Will Combine Your Social Network And Mobile Device
I have an app...
App Developer Conversations: What Does The iPad Mini Mean For The App Economy?
Top 5 Reasons Why Mobile Analytics Is Important
I have an idea...
App Developer Conversations: Successful Fundraising Techniques
Securing Venture Capital for that Next App Development
Reader Comments (rss)
(Flattened / Threaded)
Oh please
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
ignorant remarks are . . . ignorant
I know first hand that I can walk into any VA hospital at any hou5 of the night or any day of the year (like I once did Thanksgiving Day at 4am 400 miles from home) and the person treating me has a total, in-depth, chronological, searchable history of every thing about me on screen. They have every allergy, every medication past and current, every procedure, every blood pressure reading, every blood test, everything everything, everything.
I assure you that few physicians anywehere else have that info unless they are using one of the few commercial systems based on that of the VA.
So this not not merely (!) about SS numbers or unlisted phone numbers. The real problem, contrary to the uniformed comment is that the VA knows very well how to use a computer.
[ reply to this | link to this | view in thread ]
American taxpayers might expect more, but Veterans? Oh hell no. The VA is known for incompetence in most areas. The average wait time on disability is two years and they're liable to lose your medical records at least once.
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
Re:
[ reply to this | link to this | view in thread ]
not hard
EVERY laptop we buy goes through a central receiving facility, where it has a standard image put on it - that includes whole disk encryption.
If one of these laptops gets lost, its a boat anchor without that password.
Also, we use, extensively, a secure remote access system through which all employes can access data - securely and without storing anything on the local hard drive.
It really isn't hard. Expensive? Yes, but no more expensive than responding to a lawsuit, and the money is spent in a more productive manner!
[ reply to this | link to this | view in thread ]
Re: not hard
Typical disk encryption is not uncrackable
"Expensive? Yes"
Doesn't have to be
[ reply to this | link to this | view in thread ]
[ reply to this | link to this | view in thread ]
No incentive to change
[ reply to this | link to this | view in thread ]
VA Data Protection
[ reply to this | link to this | view in thread ]
DVA not VA
[ reply to this | link to this | view in thread ]
HAHAHAHA
So they are saying the reason for this is that the VA had a SENIOR moment. HAHA
[ reply to this | link to this | view in thread ]
Re: ignorant remarks are . . . ignorant
Um. OK.
"The real problem, contrary to the uniformed comment is that the VA knows very well how to use a computer."
As I said, it's not that they can use a computer *well*, it's that they can use it at all.
[ reply to this | link to this | view in thread ]
Add Your Comment