Thomas Clouse reports:
The staff at Mann-Grandstaff VA Medical Center is working to determine the scope of what could be the potential release of records for 1,915 veterans, who could now become victims of identity theft.
On July 18 someone stole two USB drives containing the personal information for the veterans from a contract employee who was conducting a service call in Oklahoma City, VA spokesman Brett Bowers said in a news release.
Read more on The Spokesman-Review. Of note, Clouse’s report indicates that the VA believed PHI might be involved:
“Although we cannot say for certain what information was stored on the stolen USB hard drive, we are alerting every veteran whose personal information resides on the” server, Bowers wrote. “We have determined the information at possible risk may include full names, social security numbers, addresses, phone contacts, surgical and insurance information.”
There is a statement on the center’s home page, but it appears to be describing a different incident:
Possible Data Breach Prompts Veteran Notification
Mann-Grandstaff VA Medical Center has contacted approximately 3,200 Veterans by mail, indicating there may have been a compromise in their personally identifiable information as a result of a missing laptop that interfaces with a laboratory analyzer owned by a VA vendor. The direct mailing to Veterans is informing them of MGVAMC’s precautionary measure to allow potentially-impacted Veterans an opportunity to have free credit monitoring to protect them from any fraudulent attempts of identity theft. For more information, please see this Press Release announcing further information for Veterans and how MGVAMC leadership is taking corrective action.
The press release it refers to says, in part:
The Mann-Grandstaff VA Medical Center (MGVAMC) in Spokane has notified 3,275 Veterans whose Protected Health Information (PHI) was potentially compromised. On August 7, 2017, an equipment inventory determined that a vendor-issued laptop from the Mann-Grandstaff VAMC Lab was missing. This laptop, a standalone piece of equipment used to interface with a Laboratory hematology analyzer, was in operation between April 2013 and May 2016. The laptop was replaced by the vendor in May 2016 after it became unusable, but they have no record of taking the laptop from the facility. VA staff conducted an extensive search of the VA premises and were unsuccessful in locating it.
Although we cannot say for certain what information was stored on the missing laptop, we are taking the necessary precaution of alerting every Veteran that may have had a hematology sample processed on the analyzer. We have determined that the information potentially at risk are full names, dates of birth, and social security numbers.
That press release was dated September 19, 2017.
On further investigation, the September incident is one previously noted in our report for Protenus as “Spokane VA Medical Center.” It had been coded as a lost laptop incident based on their report to HHS, but no additional information was available at that time.
Note: This report was corrected post-publication. The original version incorrectly treated both reports as if they were from the latest incident.