Enric Volante reports in the Arizona Daily Star:
Mismanagement at the federal Indian Health Service has resulted in millions of dollars of equipment being lost or stolen across the nation, including in Arizona, congressional investigators reported.
[…]
Gregory D. Kutz, managing director of forensic audits and special investigations for the GAO, the investigative arm of Congress, said that because of inconsistent IHS documentation and the review of only seven field offices, the actual loss is probably much higher.
The audit also found evidence of insecure sensitive patient data.
In April 2007, someone stole a desktop computer from a hospital in New Mexico. It contained the Social Security numbers and medical information of 840 uranium miners, the GAO reported.
And in Tucson, IHS officials reported the theft of a personal digital assistant device, or PDA, when they sought to replace it last March. The GAO found it contained the names and medical information on patients at a Tucson-area hospital. The information was not protected by password or encryption.
“This was in violation of federal policy and increased the risk that sensitive information could be disclosed to unauthorized individuals,” Kutz wrote. The GAO is referring those cases to the Office of Inspector General for more investigation.Price said the PDA had only about eight patient names in it, no Social Security numbers and nothing sensitive beyond each patient’s eye measurements from an eye clinic. He said it was not clear anyone stole the device, and the physician who had it probably misplaced it.
Full story – Arizona Daily Star
Related:
Indian Health Service: IHS Mismanagement Led to Millions of Dollars in Lost or Stolen Property.
GAO-08-727, June 18, 2008
Comment: once again, it seems we learn about breaches via GAO reports.