VA doctors' foray into cloud causes potential breach

Yahoo calendar held patient names, surgeries

The Veterans Affairs Department has ordered an immediate shutdown of a cloud application on the Yahoo website that VA doctors were using to store patients’ medical information without appropriate data security controls, officials said.

Notifications of a possible security breach will be sent to 878 patients, according to VA’s "Monthly Report to Congress on Data Incidents" for November, released by the department Dec. 22.

The breach, which is referred to as a mishandling of electronic information, came to the attention of VA's information security authorities on Nov. 23 when they discovered that physicians and employees in a VA hospital orthopedics department were maintaining a calendar of patient medical data on a Yahoo.com cloud application.


Related stories:

Unencrypted thumb drive causes breach at VA

VA data breach reports available online


The calendar has existed since 2007 and was protected by a single password shared by a number of people. The password had not been changed in the three years of operation.

The calendar contained full names, dates and types of surgery, and the last four digits of Social Security numbers for nearly 900 patients, the report states.

VA’s National Security Operations Center ordered the calendar to be closed Nov. 24. All entries were deleted, and the patients are to be notified of the possible breach.

Roger Baker, VA's assistant secretary for information and technology, said Dec. 22 the incident was an example of the need for better and more secure IT tools for VA employees, including cloud-based tools.

The report notes that all VA doctors have access to a secure VA network to store patient information and a Microsoft Excel application to schedule appointments and surgeries.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.