Veterans Administration Now Known As Ministry For Data Leaks

from the leak-rinse-repeat dept

In the middle of last year, a laptop and hard drive containing personal information on 26.5 million US veterans were stolen from an employee’s home. While the equipment was recovered, and the government claimed the data had not been accessed, the theft highlighted the lax security procedures of the VA — and another theft a few months later reinforced it. Now, try not to be surprised, but it’s happened again, as portable hard drive containing personal information on 48,000 vets has gone missing from an Alabama facility. Despite the VA saying it was beefing up data security after the first theft by taking measures including putting encryption software on all its laptops and desktop PCs, apparently as many as 20,000 records on this latest hard drive weren’t encrypted. While encryption is by no means a cure-all, it’s pretty ridiculous that even after the previous high-profile events, the VA still can’t be bothered to even take this first step with all its data. There’s a total lack of accountability and responsibility here: while there’s been talk of mandating stiffer penalties for individuals who are negligent with personal data, that’s nothing more than smoke and mirrors. It hides the real problem, which is an environment that, from the top down, accepts and excuses this sort of behavior. Until that changes, expect more data leaks.


Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Veterans Administration Now Known As Ministry For Data Leaks”

Subscribe: RSS Leave a comment
9 Comments
dorpus says:

Hey, that's across the street

from where I take classes. I drive by the VA every day.

What would anyone do with data theft in Alabama, though? I enjoy the local low-security culture. It’s not like California, where security guard bullies are always threatening to arrest anyone who so much as walks into a store through the wrong entrance.

Bill Hoffer says:

Re: Hey, that's across the street

“security guard bullies”? Like the ones at Disney Land and who drive around shopping malls and school grounds in golf carts? You are afraid of these people? The phrase, “threatening to arrest” is funny – it sounds similar to something a school girl might say to another school kid who is making faces at her.

dorpus says:

Re: Re: Hey, that's across the street

“security guard bullies”? Like the ones at Disney Land and who drive around shopping malls and school grounds in golf carts? You are afraid of these people? The phrase, “threatening to arrest” is funny – it sounds similar to something a school girl might say to another school kid who is making faces at her.

They are allowed to arrest people, they carry handcuffs and pepper spray, sometimes even guns. They are usually incompetent Mexican-Americans on a power trip. I haven’t been arrested, but I’ve seen them do it to others for trivial offenses like standing in the wrong place.

Neonghost says:

HIPPA

The VA handles health care related issues and that means HIPPA. I work in IT for a University hospital and deal with HIPPA related issue very often. A first offence, even accidental, of exposing protected health information can be a year in jial and a 10g fine. And that if I accidently put a patients room number in a clear text field.

However outside of IT I have found no one takes HIPPA seriously. Just goes to show you that if you don’t understand a thing you don’t respect it.

Petty Officer White says:

Shame

Damn shame. Get the right people in place to do the job and get it done. Again and again, damned shame. Horrible way to house, store, and administer information of Veterans.

Who cares about veterans with short-order lovers, car chases, knuckheads who eat their children, politicians posing for dingle-boy magazine, runners to corner blocks for daily shooters of ills we lover, and the veteran begs for a dollar while offering directions to Macy’s on G street….

Can I get a war, so Vets can find some love!!!

Ray Trygstad (profile) says:

It's a Policy Issue!

This is not a failure of technology: it’s a failure of policy, which is the core management tool for information security. There has to be a policy governing data on portable devices, the policy has to be enforced, and there has to be consequences for failure to comply. The policy might prescribe a technological control (i.e. encryption), but there has to be policy. This certainly does not seem to be the case in the Department of Veteran’s Affairs.

BTW the government is NOT exempt from HIPAA; on top of that, as a Federal agency, the DVA is also subject to FISMA, the Federal Information Security Management Act, which is much tougher than any IT security standards legislatively required of any commercial entities.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...