DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

VA report to Congress on data incidents in October

Posted on November 17, 2010 by Dissent

The Department of Veterans Affairs October report to Congress on data incidents is available online. Here are some breaches of note contained in the report:

A Regional Office (RO) guard at the Veterans Benefits Administration in Tennessee found an unencrypted thumb drive inside the facility doors on October 8. The guard took the drive home to investigate and showed it to the guard’s spouse who “maintains a high security clearance thru Department of Justice and DEA.” The guard’s spouse identified the information on the thumb drive as VA sensitive information and the thumb drive was turned in VA custody the next morning. The thumb drive belonged to a VA staff member and had fiduciary information for approximately 240 Veterans and/or beneficiaries. Their full names, SSNs, DOBs, mailing addresses, medical data (health information), and other financial information was included. The thumb drive was the personal property of the employee. The employee was not authorized to maintain VA sensitive information on a thumb drive and had failed to follow VA policies and procedures. The thumb drive was unattended/lost for approximately 16 plus hours and the contents were seen by unauthorized persons. The 240 Veterans were offered credit protection services.

On October 15, an employee reported that multiple pages from an Oklahoma VAMC pulmonary laboratory log book were missing. The log book pages contained patient names and partial Social Security number along with lab test abbreviations. The pages missing from the lab log book could contain up to 1,950 Veterans’ names, appointment times and dates, last 4 of the SSNs, mod/unit, requesting physicians, tests, and lab numbers from 01/01/10 until 10/08/10. Although the military believes that the pages were likely shredded, since there was no proof that the log book pages were shredded, 1,950 Veterans received a notification letter. The VA also noted that due to the number of Veterans affected, public notice and HITECH submission would be required.

On October 25, the Education Department was moving from one storage area to another in the Bronx and a box containing information pertaining to 146 employees who took the Cardiopulmonary Resuscitation (CPR) test was left in the open. The location was accessible by employees as well as volunteers. Privacy information included employee’s names and social security numbers. The employees were notified and offered credit protection.

On October 25, a VA employee in Honolulu took home a list with 180 Veterans’ information, including their full SSN, to have his spouse help him develop a Word document from the list. The employee tried to email the completed Word document to his VA email account but the VA server rejected it. All the documents are back in the hands of the HIMS Chief. She has consulted with HR on the matter and will counsel the employee. The Veterans received a letter offering credit protection services.

Also for the month of October:

Total number of lost Blackberry incidents = 22
Total number of internal un-encrypted e-mail incidents = 79
Total number of Mis-Handling Incidents = 79
Total number of Mis-Mailed Incidents = 115
Total number of Mis-Mailed CMOP Incidents = 10
Total number of IT Equipment Inventory Incidents =2
Total number of Missing/Stolen PC Incidents = 4
Total number of Missing/Stolen Laptop Incidents = 10 (all encrypted)

Related posts:

  • Veterans Administration responds to Freedom of Information request; releases breach reports
  • More than 2,000 veterans had their PHI breached in April
Category: Breach Incidents

Post navigation

← ND: East Grand Forks man to plead guilty in ID-theft case
Se: Chlamydia 'refuseniks' face police round up →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.