VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data

from the the-ministry-of-data-leaks dept

When we last checked in with the Veterans Administration (VA) it was to suggest that it rename itself the “Ministry of Data Leaks.” That’s because every year or so they admit that they’ve lost a computer that happens to contain unencrypted personal data on VA members. And, each report seems to get worse than the previous one. So you would think that, by now, the VA would have at least put in place some system to encrypt and protect the data it stores. That would be wishful thinking. It’s now come out that the VA has had two major data breaches in just the last month — both involving laptops that had unencrypted data.

Of course, this comes after those earlier breaches cost taxpayers tens of millions of dollars in notifications and in response to a class action lawsuit, leading Congress to require the VA to encrypt its data. Apparently, the VA didn’t bother to actually follow through on that requirement. Congress is now investigating again, with the following statement from Rep. Steve Buyer in kicking off the investigation:

“I attribute the continued lack of security to poor memory among VA’s senior management, and its failure to realize the magnitude of the problem that could have been prevented,” Buyer writes. “This is an inexcusable abrogation of responsibility that would not be tolerated in any private company. Veterans and American taxpayers expect a higher standard from the VA….”

Not that I expect a Congressional investigation to be very effective, but at some point you have to wonder what folks at the VA are thinking.

Filed Under: ,
Companies: va, veterans administration

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data”

Subscribe: RSS Leave a comment
Joe Harkins (user link) says:

ignorant remarks are . . . ignorant

ChurchHatesTucker has not clue and therefore discounts his comment. The potential for harm in the data release is magnified by one simple fact. The VA has the widely acknowledged and most complete dossier on every person it handles. The medical records system is the envy of the medical world. Speaking as one who has been a 16-year patient of theirs for heavy duty issues (cured prostate cancer, cured skin cancer, etc.)

I know first hand that I can walk into any VA hospital at any hou5 of the night or any day of the year (like I once did Thanksgiving Day at 4am 400 miles from home) and the person treating me has a total, in-depth, chronological, searchable history of every thing about me on screen. They have every allergy, every medication past and current, every procedure, every blood pressure reading, every blood test, everything everything, everything.

I assure you that few physicians anywehere else have that info unless they are using one of the few commercial systems based on that of the VA.

So this not not merely (!) about SS numbers or unlisted phone numbers. The real problem, contrary to the uniformed comment is that the VA knows very well how to use a computer.

Anonymous Coward says:

Veterans and American taxpayers expect a higher standard from the VA….”

American taxpayers might expect more, but Veterans? Oh hell no. The VA is known for incompetence in most areas. The average wait time on disability is two years and they’re liable to lose your medical records at least once.

rwahrens (profile) says:

not hard

I work for the FDA.

EVERY laptop we buy goes through a central receiving facility, where it has a standard image put on it – that includes whole disk encryption.

If one of these laptops gets lost, its a boat anchor without that password.

Also, we use, extensively, a secure remote access system through which all employes can access data – securely and without storing anything on the local hard drive.

It really isn’t hard. Expensive? Yes, but no more expensive than responding to a lawsuit, and the money is spent in a more productive manner!

Spaceman Spiff (profile) says:

No incentive to change

As long as there are no severe repercussions for the management of the VA (such as losing their jobs, or jail time), then there is no incentive for them to change their behavior. Since the VA is an agency of the US federal government, it is up to Congress to put some teeth into the regulations that govern the VA and other agencies that are under their purview, and we know just how likely that is…

Anonymous Coward says:

VA Data Protection

I do research at the VA, and I can attest to the fact that, over the last 6 months, they have been pushing HARD for people to follow new IT security guidelines. All laptops, thumb drives, and external hard drives are supposed to be encrypted. Any personal laptops, thumb drives, or external hard drives are not allowed on the premises and are supposed to be confiscated if found. I think the problem isn’t that upper management isn’t making an effort, but that, for a national agency this large, there is a fair amount of momentum in changing the behaviors of employees. Its a shame that this happened again, and I expect they’ll make some token effort to lock things down even more, but the reality is that, with a little bit of time, I bet their policies will make a difference.

NetSurfer (profile) says:

DVA not VA

FWIW the old Veterans Administration became the current Department of Veterans Affairs (by being made a cabinet level agency) many years ago, so the more accurate reference is “Veterans Affairs” and not “the Veterans Administration”. Also VA does not have “members” but rather VA serves veterans and their dependents. It isn’t a club you join but rather a benefit you gain from having served honorably in the military or by being related to someone who has thusly served.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...