VA Continues Its Annual Tradition Of Losing Laptop With Unencrypted Sensitive Data
from the the-ministry-of-data-leaks dept
When we last checked in with the Veterans Administration (VA) it was to suggest that it rename itself the "Ministry of Data Leaks." That's because every year or so they admit that they've lost a computer that happens to contain unencrypted personal data on VA members. And, each report seems to get worse than the previous one. So you would think that, by now, the VA would have at least put in place some system to encrypt and protect the data it stores. That would be wishful thinking. It's now come out that the VA has had two major data breaches in just the last month -- both involving laptops that had unencrypted data.Of course, this comes after those earlier breaches cost taxpayers tens of millions of dollars in notifications and in response to a class action lawsuit, leading Congress to require the VA to encrypt its data. Apparently, the VA didn't bother to actually follow through on that requirement. Congress is now investigating again, with the following statement from Rep. Steve Buyer in kicking off the investigation:
"I attribute the continued lack of security to poor memory among VA's senior management, and its failure to realize the magnitude of the problem that could have been prevented," Buyer writes. "This is an inexcusable abrogation of responsibility that would not be tolerated in any private company. Veterans and American taxpayers expect a higher standard from the VA...."Not that I expect a Congressional investigation to be very effective, but at some point you have to wonder what folks at the VA are thinking.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: data leak, encryption
Companies: va, veterans administration
Reader Comments
Subscribe: RSS
View by: Time | Thread
Oh please
[ link to this | view in chronology ]
[ link to this | view in chronology ]
ignorant remarks are . . . ignorant
I know first hand that I can walk into any VA hospital at any hou5 of the night or any day of the year (like I once did Thanksgiving Day at 4am 400 miles from home) and the person treating me has a total, in-depth, chronological, searchable history of every thing about me on screen. They have every allergy, every medication past and current, every procedure, every blood pressure reading, every blood test, everything everything, everything.
I assure you that few physicians anywehere else have that info unless they are using one of the few commercial systems based on that of the VA.
So this not not merely (!) about SS numbers or unlisted phone numbers. The real problem, contrary to the uniformed comment is that the VA knows very well how to use a computer.
[ link to this | view in chronology ]
Re: ignorant remarks are . . . ignorant
Um. OK.
"The real problem, contrary to the uniformed comment is that the VA knows very well how to use a computer."
As I said, it's not that they can use a computer *well*, it's that they can use it at all.
[ link to this | view in chronology ]
American taxpayers might expect more, but Veterans? Oh hell no. The VA is known for incompetence in most areas. The average wait time on disability is two years and they're liable to lose your medical records at least once.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
not hard
EVERY laptop we buy goes through a central receiving facility, where it has a standard image put on it - that includes whole disk encryption.
If one of these laptops gets lost, its a boat anchor without that password.
Also, we use, extensively, a secure remote access system through which all employes can access data - securely and without storing anything on the local hard drive.
It really isn't hard. Expensive? Yes, but no more expensive than responding to a lawsuit, and the money is spent in a more productive manner!
[ link to this | view in chronology ]
Re: not hard
Typical disk encryption is not uncrackable
"Expensive? Yes"
Doesn't have to be
[ link to this | view in chronology ]
[ link to this | view in chronology ]
No incentive to change
[ link to this | view in chronology ]
VA Data Protection
[ link to this | view in chronology ]
DVA not VA
[ link to this | view in chronology ]
HAHAHAHA
So they are saying the reason for this is that the VA had a SENIOR moment. HAHA
[ link to this | view in chronology ]