More than 1 million individuals' data at risk
The VA says the missing portable hard drive used by an employee at a VA medical facility may have held sensitive information on half a million individuals and more than 1 million physicians.
The Department of Veterans Affairs says the missing government-owned, portable hard drive used by an employee at a VA medical facility in Birmingham, Ala., may have held sensitive VA-related information on about half a million individuals and more than 1 million physicians.
“Our investigation into this incident continues, but I believe it is important to provide the public additional details as quickly as we can,” said VA Secretary Jim Nicholson, in a statement released Feb. 10. “I am concerned and will remain so until we have notified those potentially affected and get to the bottom of what happened. VA will continue working around the clock to determine every possible detail we can.”
The external hard drive was reported missing Jan. 22. The VA’s inspector general was notified the next day. The IG opened a criminal investigation and notified the FBI.
The VA said it has begun notifying individuals whose sensitive information may have been on the hard drive and will arrange for one year of free credit monitoring to people whose information proves to have been compromised.
The “VA is unwavering in our resolve to bolster our data security measures,” Nicholson said. “We remain focused on doing everything that can be done to protect the personal information with which we are entrusted.”
The VA said the IG has learned that the data files may have included sensitive VA-related information on about 535,000 people.
The investigation has also determined that information on about 1.3 million non-VA physicians – both living and deceased – could have been stored on the missing hard drive, the department reported. It is believed though, that most of the physician information is readily available to the public. Some of the files, however, may contain sensitive information, the VA said. The department added that it has no information that any of the data has been misused.
The department uses non-VA physician data to enhance the quality of care for veterans by analyzing and comparing information about the health care received from the VA and non-VA providers.
The employee involved has been placed on administrative leave pending the outcome of the investigation, the VA said.
NEXT STORY: IRS troubleshoots E-Help program