Printer Friendly Page
VA SUBCONTRACTOR LOSES PERSONAL DATA OF 38,000
VETERANS -- Unisys office in Virginia reports
"missing"
desktop computer with veterans' data.
Here we go again! More veterans'
data lost.
All information on VA data theft on this
page...
http://www.vawatchdog.org/va%20data%20theft%20news.htm
We have a news story, a press release
from the VA, a press release from the Senate Committee on Veterans'
Affairs and a press release from Rep. Bob Filner (D-CA), Member of the
House Committee on Veterans' Affairs.
News story here...
http://customwire.ap.org/dynamic/stories/
V/VETS_DATA_THEFT?SITE=NDBIS&SECTION=
HOME&TEMPLATE=DEFAULT&CTIME=2006-08-07-14-59-22
Story below:
---------------
VA: Data for 38,000 Veterans Missing
By HOPE YEN
Associated Press Writer
WASHINGTON (AP) -- As many as 38,000 veterans may be at risk of identity
theft because a Veterans Affairs Department subcontractor lost a desktop
computer containing their sensitive personal data.
VA Secretary Jim Nicholson said that Unisys Corp., a subcontractor hired
to assist in insurance collections for VA medical centers in
Philadelphia and Pittsburgh, reported the missing computer last
Thursday. The computer was being used in Unisys offices in Reston, Va.
It is not yet known what happened to the computer, Nicholson said,
adding that local and federal authorities are investigating.
The computer is believed to contain names, addresses, Social Security
numbers, dates of birth, insurance carriers and claims data including
medical information for veterans who received care at the hospitals in
Philadelphia and Pittsburgh during the past four years.
According to initial estimates, the data covered about 5,000 patients
treated at Philadelphia, 11,000 treated at Pittsburgh and 2,000 deceased
patients. The VA is investigating whether the information also may have
covered 20,000 who received care through the Pittsburgh medical center.
Unisys spokeswoman Lisa Meyer said company officials were investigating
and declined to say whether a particular employee had been using the
computer.
The computer was located in a building and floor where security
procedures were in place for access, and there were no signs of a
break-in, she said. The computer was password protected, but the data
was not encrypted.
The disclosure comes after a string of recent data breaches at the VA,
including the May 3 theft of 26.5 million veterans' personal data from a
VA employee's home in suburban Maryland. The laptop and external drive
containing that information has since been recovered, and two teens were
arrested Saturday as part of what appeared to be a routine burglary.
In recent weeks, the VA has also acknowledged losing sensitive data for
more than 16,000 veterans in at least two other cases in Minneapolis and
Indianapolis.
Nicholson said in a statement Monday that the VA was working with Unisys
to notify those veterans affected and to provide credit monitoring if
appropriate.
"VA is making progress to reform its information technology and cyber
security procedures, but this report of a missing computer at a
subcontractor's secure building underscores the complexity of the work
ahead," Nicholson said.
Lawmakers were critical of the VA. Rep. Lane Evans, the top Democrat on
the House Veterans' Affairs Committee, called the latest data breach
"yet another wake-up call."
"Today's announcement by the VA that sensitive personal information of
veterans was compromised by a VA subcontractor last week confirms that
the VA must move quickly to protect the information it maintains on
veterans and their families," Evans said.
"I am absolutely appalled that another computer containing the personal
information of veterans has gone missing," said Sen. Rick Santorum,
R-Pa. "Those responsible must be held accountable and the VA clearly
needs to do a better job of overseeing its contracting entities."
---------------
VA press release here...
http://vawatchdog.org/vapressrelease/
vapressrelease08-07-06.htm
Press release below:
---------------
Subcontractor Notifies VA of Missing Computer
with Vet Files
August 7, 2006
VA, Law Enforcement Authorities Investigating
WASHINGTON – The Department of Veterans Affairs (VA) today announced
that a subcontractor, hired to assist in insurance collections for VA’s
medical centers in Pittsburgh and Philadelphia, has informed the
Department that a desktop computer containing personal information on
some veterans is missing from the company’s offices.
“VA’s Inspector General, the FBI and local law enforcement are
conducting a thorough investigation of this matter,” said the Honorable
R. James Nicholson, Secretary of Veterans Affairs.
VA was notified on the afternoon of Thursday, August 3, by the
subcontractor, Unisys Corporation, that the computer was missing from
its Reston, Va., offices. VA immediately dispatched a team to Unisys to
assist in the search for the missing computer and to help determine the
precise nature of the information it may have contained.
While the investigation is in an early stage, VA believes the records
involved are limited to people who received treatment at the two
Pennsylvania medical centers during the past four years. It is believed
the desktop computer may have contained patients’ names, addresses,
Social Security Numbers, dates of birth, insurance carriers and billing
information, dates of military service, and claims data that may include
some medical information.
Initial estimates indicate the desktop contained information on
approximately 5,000 patients treated at Philadelphia, approximately
11,000 patients treated at Pittsburgh, and approximately 2,000 deceased
patients. VA is also investigating the possibility the computer may have
contained information on approximately another 20,000 people who
received care through the Pittsburgh medical center.
Investigators are working on this incident with the full cooperation of
Unisys. VA is also working with Unisys regarding the offer of credit
monitoring and individual notifications to those who may be affected.
Upon learning the computer was missing, VA personnel took immediate
steps to notify the appropriate senior VA leadership, including the
Secretary and Deputy Secretary, appropriate congressional offices and
committees, VA’s Office of the Inspector General and other law
enforcement authorities, including the FBI and the Department of
Homeland Security’s Computer Emergency Response Team.
The ongoing investigation will provide VA more details on the precise
number of veterans whose information the computer may have contained. VA
will provide further updates as the investigation produces additional
information.
“VA is making progress to reform its information technology and cyber
security procedures, but this report of a missing computer at a
subcontractor’s secure building underscores the complexity of the work
ahead as we establish VA as a leader in data and information security,”
Nicholson added.
---------------
Press release from the Senate CVA here...
http://vawatchdog.org/
senatecvanews/senatecvanews08-07-06.htm
Press release below:
---------------
NEW COMPUTER DATA LOSS AT VA
“This whole problem with VA data security has
got to stop,” Craig says
Sen. Larry Craig, Chairman of the U.S. Senate Committee on Veterans'
Affairs
August 7, 2006
Media contact: Jeff Schrade (202)224-9093
(Washington, DC) A newly reported missing computer involving the
personal information of 37,000 veterans has triggered a stern reaction
from the Chairman of the Senate Committee on Veterans’ Affairs.
"On Friday VA officials informed members of Congress that a desktop
computer containing information on veterans insurance claims was
discovered missing from a subcontractor’s offices in Reston, Virginia.
Since it was a private contractor involved, I expect VA to hold the
contractor financially responsible for any costs that veterans may incur
as the result of this loss," said Sen. Larry Craig (R-Idaho) who chairs
the Senate oversight committee on veterans’ issues.
VA was notified Thursday, August 3, by the Unisys Corporation that a
desk top computer was missing from the contractor’s offices in Reston,
Virginia. The Department of Veterans Affairs immediately dispatched a
team to assist in the search for the missing computer and to help
determine the precise nature of the information it may have contained.
According to VA officials, information on the computer was password
protected but was not encrypted.
Initial estimates indicate the desktop contained information on
approximately 5,000 patients treated at Philadelphia, approximately
11,000 patients treated at Pittsburgh, and approximately 2,000 deceased
patients. VA is also investigating the possibility the computer may have
contained information on approximately another 20,000 people who
received care through the Pittsburgh medical center.
It is believed the desktop computer may have contained patients’ names,
addresses, Social Security Numbers, dates of birth, insurance carriers
and billing information, dates of military service, and claims data that
may include some medical information.
Over the weekend police arrested two individuals – both 19 years old –
in the theft of another computer which contained personal information of
26 million veterans and active-duty military members. A third individual
– an unnamed juvenile – is also being held in custody.
The loss of that computer earlier this year led to several resignations
at VA and numerous hearings on Capitol Hill. An analysis by FBI forensic
experts determined the data was not breached.
"I hope that we have as good of news this time," Craig said. "We clearly
appear to have a systems problem with VA data security that needs to be
fixed."
---------------
The press release from Rep. Bob Filner
(D-CA) of the House Committee on Veterans' Affairs has not been posted
yet...but below is the copy I received by email.
---------------
Congressman Filner Responds to Latest
Investigation of Data Theft Involving the Department of Veterans Affairs
Washington, D.C. - Congressman Bob Filner
(D-CA), Acting Ranking Democratic Member of the House Committee on
Veterans' Affairs, expressed his concern over the latest data theft
involving the Department of Veterans Affairs (VA). According to the VA,
the sensitive personal information of Pennsylvania veterans was
compromised last week by a VA subcontractor. The data was on a desktop
computer which disappeared from a secure area of a Washington, D.C. area
company.
"Although I applaud the VA's timely notice regarding this tragic event,
I believe that this latest revelation highlights once again why it is
important that H.R. 5835, the Veterans Identity and Security Act of
2006, be speedily adopted by the House of Representatives when Congress
reconvenes in September. When veterans are harmed as the result of
government action or in-action, remedies must be provided by the federal
government."
H.R. 5835, co-sponsored by Congressman Filner, addresses internal VA
management of information technology, mandates speedy notification in
the event that the sensitive personal information of veterans is
compromised, and provides veterans with the tools they need to protect
their credit. The bill also puts in place additional protections such as
free credit reports, fraud resolution services, and identity theft
insurance whenever there is a reasonable chance of the misuse of
veterans' information. The bill provides remedies for veterans whose
data is lost by VA data breaches and those of VA contractors and
subcontractors, as occurred last week.
"We must do everything we can to ensure that the VA protects the
sensitive personal information of our nation's veterans, and we must do
everything we can to assist veterans and their families if the VA fails
them. The Committee on Veterans' Affairs has held hearing after hearing
exploring the VA's failures to safeguard sensitive data and the steps we
should take as elected officials to fix this growing problem. Now is the
time to take action!" concluded Congressman Filner.
---------------
Larry Scott
