TheConversation

Blog archive

Readers divided about VA theory on stolen laptops

Image of file folders

Readers responded to an Aug. 8 FCW article on data breaches at the Department of Veterans Affairs with a mixture of criticism and praise for Acting Assistant Secretary for Information and Technology Stephen Warren, as well as a few questions.

One reader wrote: Stephen Warren said "people tend to steal laptops indiscriminately for their street value rather than in hopes of profiting from veterans' private information." I guess he's basing this statement on anecdotal evidence and personal supposition? Or empirical evidence gleaned from interviews with the thieves?

Another wrote: Based on the June 4 hearing, it really doesn't matter what VA, [or] Stephen Warren in particular, says about security or whether or not the breaches were high, moderate or low risk. Once you’ve been caught deceiving Congress, veterans and the general public, you forfeit your credibility. Still waiting on what the VA is going to do about the hacking and general penetration of the VA network. As a vet, I’ve yet to receive anything in the mail like the letter sent out in 2006. At some point, offering free credit monitoring is a moot point.

Another had a rebuttal for those criticizing Warren: The last comment is born of ignorance and lack of common sense! While Warren has fewer than a handful of supporters (his supporters are mostly the contractors he hires to document his desires and publish them as if they are their unbiased and undirected opinions), in this case he’s right. Unlike people stealing paper records for the folders that hold the paper, it’s commonly known that most people steal laptops for the laptop itself. And if people want a veteran’s information, they’ll more than likely find a way to hack into one of the many databases that hold it all. Please don’t add to the ridiculous paranoia that’s infecting VA and taking our focus away from treating patients.

Frank Konkel responds:

There have been many documented problems at VA, and much of the criticism of the department is justified. But I don’t believe there is substantial reason to doubt Warren’s claims that laptops are taken primarily for their hardware value and not the data on them. Why?

The main reason is that even though paper records continue to be the primary data breach for VA -- sometimes releasing the names and Social Security numbers of hundreds of veterans -- few cases of identity theft resulting from these breaches have been reported.

In the case of stolen laptops, many of which are encrypted anyway, it seems unlikely that thieves would think about stealing laptops for reasons that go beyond simply selling them to someone else. If it was appealing for thieves to steal these VA laptops and PCs in hopes of selling veteran identities to the highest bidders, wouldn’t it be far more common than it is?

If that kind of activity did increase, you can bet VA’s very active Office of Inspector General would get the word quickly.

Posted by Frank Konkel on Aug 15, 2013 at 10:55 AM


Reader comments

Mon, Aug 19, 2013

I hope this article opens up the flow of conversation from VA's IT people. Obviously we don't have any other outlets and our agency's head won't pay attention to an obvious huge issue because it's not direct patient care, so we can only pray that those in congress who might be generating their talking points from these comments will keep reading. We can only hope they take them into the next meeting with the head of the agency and demand that they actually pay equal attention to this to the issue that is OIT and Warren and his band of internal and contractor cronies who further hurt this agency with each passing day. Please keep the articles coming, soon enough we all hope they result in Warren being dismissed and his damaging decisions brought to an end.

Fri, Aug 16, 2013 Al

If you can't protect the data, don't collect the data

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above