Veterans Administration Now Known As Ministry For Data Leaks
from the leak-rinse-repeat dept
In the middle of last year, a laptop and hard drive containing personal information on 26.5 million US veterans were stolen from an employee’s home. While the equipment was recovered, and the government claimed the data had not been accessed, the theft highlighted the lax security procedures of the VA — and another theft a few months later reinforced it. Now, try not to be surprised, but it’s happened again, as portable hard drive containing personal information on 48,000 vets has gone missing from an Alabama facility. Despite the VA saying it was beefing up data security after the first theft by taking measures including putting encryption software on all its laptops and desktop PCs, apparently as many as 20,000 records on this latest hard drive weren’t encrypted. While encryption is by no means a cure-all, it’s pretty ridiculous that even after the previous high-profile events, the VA still can’t be bothered to even take this first step with all its data. There’s a total lack of accountability and responsibility here: while there’s been talk of mandating stiffer penalties for individuals who are negligent with personal data, that’s nothing more than smoke and mirrors. It hides the real problem, which is an environment that, from the top down, accepts and excuses this sort of behavior. Until that changes, expect more data leaks.
Comments on “Veterans Administration Now Known As Ministry For Data Leaks”
Hey, that's across the street
from where I take classes. I drive by the VA every day.
What would anyone do with data theft in Alabama, though? I enjoy the local low-security culture. It’s not like California, where security guard bullies are always threatening to arrest anyone who so much as walks into a store through the wrong entrance.
Re: Hey, that's across the street
“security guard bullies”? Like the ones at Disney Land and who drive around shopping malls and school grounds in golf carts? You are afraid of these people? The phrase, “threatening to arrest” is funny – it sounds similar to something a school girl might say to another school kid who is making faces at her.
Re: Re: Hey, that's across the street
“security guard bullies”? Like the ones at Disney Land and who drive around shopping malls and school grounds in golf carts? You are afraid of these people? The phrase, “threatening to arrest” is funny – it sounds similar to something a school girl might say to another school kid who is making faces at her.
They are allowed to arrest people, they carry handcuffs and pepper spray, sometimes even guns. They are usually incompetent Mexican-Americans on a power trip. I haven’t been arrested, but I’ve seen them do it to others for trivial offenses like standing in the wrong place.
HIPPA
The VA handles health care related issues and that means HIPPA. I work in IT for a University hospital and deal with HIPPA related issue very often. A first offence, even accidental, of exposing protected health information can be a year in jial and a 10g fine. And that if I accidently put a patients room number in a clear text field.
However outside of IT I have found no one takes HIPPA seriously. Just goes to show you that if you don’t understand a thing you don’t respect it.
Electronic Security
When the government that imposses laws like HIPAA on us then exempts governmental agencies from it’s requirements, how can you expect them to take anything of yours (data or otherwise) seriously?
The VA is part of the executive branch of the US government and the president is at the “top” of the executive branch.
Shame
Damn shame. Get the right people in place to do the job and get it done. Again and again, damned shame. Horrible way to house, store, and administer information of Veterans.
Who cares about veterans with short-order lovers, car chases, knuckheads who eat their children, politicians posing for dingle-boy magazine, runners to corner blocks for daily shooters of ills we lover, and the veteran begs for a dollar while offering directions to Macy’s on G street….
Can I get a war, so Vets can find some love!!!
Re: Shame
I agree with you, Chief, I am a disabled vet but would gladly do any job the military would put me in if only they would use me for something. Give me a war, too.
It's a Policy Issue!
This is not a failure of technology: it’s a failure of policy, which is the core management tool for information security. There has to be a policy governing data on portable devices, the policy has to be enforced, and there has to be consequences for failure to comply. The policy might prescribe a technological control (i.e. encryption), but there has to be policy. This certainly does not seem to be the case in the Department of Veteran’s Affairs.
BTW the government is NOT exempt from HIPAA; on top of that, as a Federal agency, the DVA is also subject to FISMA, the Federal Information Security Management Act, which is much tougher than any IT security standards legislatively required of any commercial entities.