DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Monthly reports to Congress show VA still experiencing hundreds of breaches each month

Posted on September 15, 2014 by Dissent

The Veterans Administration continues to struggle with securing veterans’ personal and protected health information, as its monthly reports to Congress reflect. First, consider the sheer number of different types of incidents reported to Congress for the month of August:

Total number of Internal Un-encrypted E-mail Incidents 92
Total number of Mis-Handling Incidents 114
Total number of Mis-Mailed Incidents 138
Total number of Mis-Mailed CMOP Incidents 9
Total number of IT Equipment Inventory Incidents 9
Total number of Missing/Stolen PC Incidents 1 (1 encrypted)
Total number of Missing/Stolen Laptop Incidents 9 (9 encrypted)
Total number of Lost BlackBerry Incidents 17
Total number of Lost Non-BlackBerry Mobile Devices
(Tablets, iPhones, Androids, etc.) Incidents
3

To illustrate the ongoing problems, consider four specific incidents reported last month:

Portland, Oregon:  A VA medical assistant took two provider panel lists home in March, 2014 to work on them over a weekend.  In August, 2014, the medical assistant’s husband found the list and told the nurse he was going to use it to have her fired. The VA noted that the documents, which were recovered when the husband voluntarily turned them over to VA police, contained a total of 1740 veterans’ information: full SSNs, eligibility codes, last appointment dates, and the first ten letters of the name (with the format being last name, first name up to ten letters total). Credit protection services were offered to 1686 veterans involved, and notification letters were sent to next of kin for 54 deceased veterans.

I don’t see any notice on their web site, but I think we should eventually see this one on HHS’s breach tool.

Milwaukee, Wisconsin: Several veterans returned letters postmarked on 08/22/14 that contained a generic letter outlining the new facility procedures regarding opioid treatment. The letters contained the veterans’ correct street address, but were paired with another’s name. The letter itself contained no identifiable information. However, each incorrect recipient was getting another veteran’s name on the envelope, revealing that the named veterans were taking an opioid of some sort.

Investigation revealed that there was mistake made with the mail merge function in Word, and a total of 210 veterans were impacted. Each of those affected received a HIPAA disclosure notification and a request to return the incorrect envelope in an included postage-paid self-addressed envelope.

West Palm Beach, Florida:  A motor vehicle operator informed his supervisor that he left the clipboard from his vehicle, his daily work schedule and his VA-issued cell phone on the roof of the government minivan he was driving. The employee thinks he drove away with these items on top of the vehicle. He tried to reverse his route but could not find any of the missing items. The clipboard contained the work schedule for the day and the special mode appointment List for the day. The appointment list contained 52 veterans’ full names, last four numbers of their SSN, full address, and contact phone number. The  52 veterans were sent a HIPAA letter of notification of the inadvertent loss.

Cleveland, Ohio:   A call center agent in the National Call Center left a steno notebook in a common break area which was accessible to the public. The notebook contained claim and social security numbers for 269 veterans. All of them were sent credit protection service offers.

Given how massive the VA system is, it’s not surprising to see human error breaches, but I wonder how much breaches are costing the VA each year in terms of time to investigate, mailings, and offers of credit protection.

Category: Uncategorized

Post navigation

← Aventura Hospital notifies 82,601 patients of possible data theft; third theft incident in 2 years
Connecticut Attorney General Wants Apple To Answer Questions About How The Apple Watch Stores Your Personal Health Data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.
  • CoinMarketCap Hacked, Scrambles to Remove Malicious Wallet Verification Popup
  • Montana Attorney General launches investigation into Lee Enterprises data breach
  • AT&T gets preliminary approval for $177 million data breach settlement
  • Aflac notifies SEC of breach suspected to be work of Scattered Spider
  • Former JBLM soldier pleads guilty to attempting to share military secrets with China
  • No, the 16 billion credentials leak is not a new data breach — a wake-up call about fake news (Updated)
  • Tonga’s health system hit by cyberattack (1)
  • Russia Expert Falls Prey to Elite Hackers Disguised as US Officials

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data
  • US Judge Invalidates Biden Rule Protecting Privacy for Abortions
  • DOJ’s Data Security Program: Key Compliance Considerations for Impacted Entities
  • 23andMe fined £2.31 million for failing to protect UK users’ genetic data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.