Paper records account for most VA data breaches

The leading cause of data breaches at the Department of Veterans Affairs continues to be paper-based records, according to VA Acting Assistant Secretary for Information and Technology Stephen Warren.

Warren briefed reporters Aug. 8 on the data breach reports his agency submitted to Congress for April, May and June, and stated that while theft of electronic devices containing patient information is rare and "holding steady," upwards of 98 percent of data breaches continue to involve "physical paper."

Problematic paper records include documentation misplaced, mishandled or improperly mailed by agency employees – VA's data breach report over the three-month period suggests such mistakes happen hundreds of times per month. In many such cases, a veteran's claim – containing Social Security numbers, address, compensation and pension claim ratings – is exposed publicly or sent to the wrong veteran.

Warren said instances where veterans' information is not kept private are regrettable, but added that the error rate is actually low considering the VA's large number of patients – it sends out millions of packages per month and has "the best" error rate in the health care industry for mispackaging or mishandling. Patients who experience privacy issues are frequently offered credit protection services by VA.

"We are constantly reinforcing the fact" that health care matters, Warren said, emphasizing that every data breach report is investigated and analyzed. The VA's Data Breach Core Team, created in 2008, makes use of key players in several of the department's components to review monthly data breaches, assessing risk based on National Institute of Standards and Technology-developed standards.

Over the three-month period, no data breaches were classified as high risk, and most were rated as low risk.

Between April and June, VA reported six missing personal computers, 68 missing Blackberries and 27 missing laptops, three of which were unencrypted. Based on the reports, it does not appear that private information, with the potential exception of the names of some veterans, was compromised. The stolen or misplaced electronic devices did not have access to VA's network.

While VA has come under fire in the past for putting vets' data at risk electronically, Warren said the theft or disappearance of electronic devices is "holding steady" and remains low, despite 900,000 connected devices on its networks. He said people tend to steal laptops indiscriminately for their street value rather than in hopes of profiting from veterans' private information.

"People like laptops because you can sell them easily; folks are taking them for commodity of the things," Warren said. When it comes to electronic data breaches, he said, "we haven't really seen new trends."

About the Author

Frank Konkel is a former staff writer for FCW.
