Security

Paper records account for most VA data breaches

Image of file folders

The leading cause of data breaches at the Department of Veterans Affairs continues to be paper-based records, according to VA Acting Assistant Secretary for Information and Technology Stephen Warren.

Warren briefed reporters Aug. 8 on the data breach reports his agency submitted to Congress for April, May and June, and stated that while theft of electronic devices containing patient information is rare and "holding steady," upwards of 98 percent of data breaches continue to involve "physical paper."

Problematic paper records include documentation misplaced, mishandled or improperly mailed by agency employees – VA's data breach report over the three-month period suggests such mistakes happen hundreds of times per month. In many such cases, a veteran's claim – containing Social Security numbers, address, compensation and pension claim ratings – is exposed publicly or sent to the wrong veteran.

Download

Read the VA's data breach reports

April

May

June

Warren said instances where veterans' information is not kept private are regrettable, but added that the error rate is actually low considering the VA's large number of patients – it sends out millions of packages per month and has "the best" error rate in the health care industry for mispackaging or mishandling. Patients that experience privacy issues are frequently offered credit protection services from VA.

"We are constantly reinforcing the fact" that health care matters, Warren said, emphasizing that every data breach report is investigated and analyzed. The VA's Data Breach Core Team, created in 2008, makes use of key players in several of the department's components to review monthly data breaches, assessing risk based on National Institute of Standards and Technology-developed standards.

Over the three-month period, no data breaches were classified as high risk, and most were rated as low risk.

Between April and June, VA reported six missing personal computers, 68 missing Blackberries and 27 missing laptops, three of which were unencrypted. Based on the reports, it does not appear that private information, with the potential exception of the names of some veterans, was compromised. The stolen or misplaced electronic devices did not have access to VA's network.

While VA has come under fire in the past for putting vets' data at risk electronically, Warren said the theft or disappearance of electronic devices is "holding steady" and remains low, despite 900,000 connected devices on its networks. He said people tend to steal laptops indiscriminately for their street value rather than in hopes of profiting from veterans' private information.

"People like laptops because you can sell them easily; folks are taking them for commodity of the things," Warren said. When it comes to electronic data breaches, he said, "we haven't really seen new trends."

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.