Running Total for 2007 as of February 12th - a minimum of

22,512,946

Individual Records Were Illegally Breached. The National Pandemic of Stupidity Continues... Are You on the List?

Monday, February 12, 2007

VA Data Breach is NATIONWIDE - VA UPdates to 1.85Million the Number of Lost "Records"

Just like last time, the information slowly trickles out about the breach at the Veterans Administration. Again, just as in the last case, they have made and will continue to make "revisions" to the amount of data that was actually lost. These revisions are always UP and involve new and shocking information with each release. The latest revision was released on a SUNDAY - yet again showing the VA's habit of releasing information on a holiday, weekend or at other times in an effort to "slide by" the media and the public.

When everything is said and done and they actually do find the hard drive in some black market stall, they will undeniably announce like they did last time that "the data has not been accessed" although we know this statement to be a lie since there is absolutely no way of knowing whether or not the data was accessed, copied or ghosted to another hard drive.

How about a full-blown press conference Mr. Nicholson - say at 2:00PM on a Wednesday - with 2 business days notice to the national and local press, full disclosure of all events and facts and a question & answer period at the end? I am sure you could find time in your schedule to enlighten the American people that pay your salary and actually fund the VA.

This UPdate pegged the number of VA Individuals that were affected was 535,000 (Not the 48,000 with only 20,000 records "unencrypted" as stated previously) and the real shocker this time is that there were additional NON-VA records of 1.3 million private Physicians although the VA states that only "some of the files contain personal information".

Whom and What to believe are the real questions here. The VA should know by now after 4 weeks exactly what information was on the hard drive and should disclose everything - not just feed us bit-by-bit hoping that no-one will put the information together.

VA Update on Missing Hard Drive in Birmingham, Ala

11 Feb 2007, 5:37 PM CST

WASHINGTON -- The Department of Veterans Affairs (VA) on Sunday issued an update on the information potentially contained on a missing government-owned, portable hard drive used by a VA employee at a Department facility in Birmingham, Ala.

“Our investigation into this incident continues, but I believe it is important to provide the public additional details as quickly as we can,” said Jim Nicholson, Secretary of Veterans Affairs. “I am concerned and will remain so until we have notified those potentially affected and get to the bottom of what happened.

“VA will continue working around the clock to determine every possible detail we can,” Nicholson said.

VA and VA’s Office of Inspector General have learned that data files the employee was working with may have included sensitive VA-related information on approximately 535,000 individuals. The investigation has also determined that information on approximately 1.3 million non-VA physicians — both living and deceased— could have been stored on the missing hard drive. It is believed though, that most of the physician information is readily available to the public. Some of the files, however, may contain sensitive information.

VA continues to examine data on the employee’s work computer. The employee has been placed on administrative leave pending the outcome of the investigation. VA has no information the data has been misused.

The non-VA physician data is used by VA to enhance the quality of care for veterans by analyzing and comparing information about the health care received from VA and non-VA providers.

Next week, VA will begin making notifications to individuals whose sensitive information may have been on the hard drive. VA is also making arrangements to provide one year of free credit monitoring to those whose information proves compromised.

“VA is unwavering in our resolve to bolster our data security measures,” Nicholson added. “We remain focused on doing everything that can be done to protect the personal information with which we are entrusted.”

On January 22, the employee, who works at the Birmingham (Ala.) VA Medical Center, reported the external hard drive was missing. On January 23, VA’s IG was notified. The OIG opened a criminal investigation, sent special agents to the medical center, and notified the FBI. VA’s Office of Information & Technology in Washington, D.C. also dispatched an incident response team to investigate.

The OIG seized the employee’s work computer and began analyzing its contents. This analysis continues and VA IT staff has been providing technical support.

In addition to the ongoing criminal investigation, the OIG initiated an administrative investigation to determine how such an incident could occur.

VA is operating a call center that individuals can contact to get information about this incident. That toll-free number is 1-877-894-2600. The call center will operate every day from 7 a.m. to 9 p.m. CST as long as it is needed.

No comments: