More than 1 million individuals' data at risk

The Department of Veterans Affairs says the missing government-owned, portable hard drive used by an employee at a VA medical facility in Birmingham, Ala., may have held sensitive VA-related information on about half a million individuals and more than 1 million physicians.

“Our investigation into this incident continues, but I believe it is important to provide the public additional details as quickly as we can,” said VA Secretary Jim Nicholson, in a statement released Feb. 10. “I am concerned and will remain so until we have notified those potentially affected and get to the bottom of what happened. VA will continue working around the clock to determine every possible detail we can.”

The external hard drive was reported missing Jan. 22. The VA’s inspector general was notified the next day. The IG opened a criminal investigation and notified the FBI.

The VA said it has begun notifying individuals whose sensitive information may have been on the hard drive and will arrange for one year of free credit monitoring to people whose information proves to have been compromised.

The “VA is unwavering in our resolve to bolster our data security measures,” Nicholson said. “We remain focused on doing everything that can be done to protect the personal information with which we are entrusted.”

The VA said the IG has learned that the data files may have included sensitive VA-related information on about 535,000 people.

The investigation has also determined that information on about 1.3 million non-VA physicians – both living and deceased – could have been stored on the missing hard drive, the department reported. It is believed though, that most of the physician information is readily available to the public. Some of the files, however, may contain sensitive information, the VA said. The department added that it has no information that any of the data has been misused.

The department uses non-VA physician data to enhance the quality of care for veterans by analyzing and comparing information about the health care received from the VA and non-VA providers.

The employee involved has been placed on administrative leave pending the outcome of the investigation, the VA said.

About the Author

David Hubler is the former print managing editor for GCN and senior editor for Washington Technology. He is freelance writer living in Annandale, Va.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.