Channel Marker

Jul 2 2007   1:47PM GMT

VA blames IT specialist and bosses for data breach

Bcournoyer Brendan Cournoyer Profile: Bcournoyer

It took five months and a 79-page report to do it, but the Department of Veterans Affairs has finally pointed its finger for a high-profile data breach.

The VA’s Office of the Inspector General blames the IT specialist and two directors at the Birmingham, Alabama VA Medical Center for the January loss of an external hard drive that contained confidential information on 250,000 veterans and 1.3 million medical providers. Its report, issued late last week, says the director and associate director of the Birmingham center’s Research Enhancement Award Program (REAP) did not enforce policies that were in place to protect sensitive data, and they improperly allowed the IT specialist access to confidential information. The report also slams the IT specialist for not safeguarding the personal information and for not cooperating with the initial investigation into the missing hard drive.

Among the findings in the report:

  • The IT specialist provided inaccurate information to investigators looking into the hard drive’s disappearance.
  • Data loss is a “systemic problem throughout the government.”
  • A policy that prohibits the storage of unencrypted sensitive data on portable devices was ignored.
  • The IT specialist was granted access to information to which he was not entitled.
  • The REAP director and associate director had their VA email automatically forwarded to external accounts, in violation of policy.

Assistant Inspector General James O’Neill, who wrote the report, recommends taking “appropriate action” against the IT specialist, the REAP director and associate director, as well as the the medical center director and another administrator, for their roles in the incident. The report came out one day after SearchSecurityChannel.com posted this story on channel opportunities in government security, “Government computer security upgrades bring more channel work.”

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: