VA hit with two class-action suits over data theft

The Department of Veterans Affairs faces two class-action lawsuits related to the theft of information on 26.5 million veterans last month.

The Vietnam Veterans of America (VVA) and four other veterans groups have filed a class-action lawsuit against the VA seeking $1,000 in damages for each veteran who can show that he or she has been harmed by the data theft.

Last week, Paul Hackett, a Marine reservist from Cincinnati, Ohio, who served in Iraq, and Matthew Page, from Boone County, Ky., filed a class-action lawsuit against the VA in the U.S. District Court for the Eastern District of Kentucky. It, too, seeks $1,000 in damages for any veteran damaged by the data theft.

The VA disclosed yesterday that the stolen database also contains records and private information on 10,000 to 20,000 members of the National Guard and Reserves called to active duty and for 25,000 to 30,000 Navy personnel who completed their first enlistment before 1991.

The Consumer Coalition for Health Privacy asked the Department of Health and Human Services last week to conduct a privacy review of health data included in the stolen information, which contained records it believes are covered by the Health Insurance Portability and Accountability Act (HIPAA).

The VVA suit, filed in the U.S. District Court for the District of Columbia, also asks the court to prevent the VA from altering any of its data storage systems until a court-appointed panel of experts determines how to prevent future security breaches. The National Gulf War Resource Center, Radiated Veterans of America, Citizen Soldier, and Veterans for Peace joined VVA in its suit.

The Hackett/Page suit asks the Kentucky court to prohibit the VA from operating information systems without appropriate safeguards to ensure the privacy of veterans’ records.

It also requests that the VA take steps to head off possible identity theft by establishing an identity- and credit-monitoring program that would cover potentially all of the veterans whose information was stolen. The data was stored on a removable device attached to a laptop PC reported stolen from a VA data analyst’s home May 3.

“It is appalling to all veterans that their personal information -- information that is supposed to be held in confidence -- is potentially in the hands of individuals who can wreak identity-theft havoc,” said John Rowan, national president of VVA.

He added that he was perplexed about the amount of information the VA has collected on veterans who have never used the agency’s services and said VA Secretary Jim Nicholson has yet to answer some critical questions.

“What was an employee of the VA doing with the names, Social Security numbers and dates of birth of all these veterans, the vast majority of whom have never availed themselves of VA services?” he asked. “Why is the VA collecting this information in the first place?”

Besides personal identifiers such as Social Security numbers, the VA said the stolen database also contains medical diagnostic codes and medical disability ratings, which the Consumer Coalition for Health Privacy views as a potential violation of the privacy provisions of HIPAA.

The coalition asked HHS Secretary Mike Leavitt “to do everything he can to ensure the privacy and security of protected health and other highly sensitive information held by the VA,” said Paul Feldman, deputy director of the Health Privacy Project, in a statement.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.