Veterans Not Informed of Health Data Security Lapses
Department of Veterans Affairs Deputy Secretary Gordon Mansfield on Wednesday at a House Veterans' Affairs Oversight and Investigations Subcommittee hearing said VA has not informed hundreds of thousands of health care providers that a security breach in January in Birmingham, Ala., might have compromised confidential data, the AP/Arizona Daily Star reports. In addition, VA officials said that they have not determined the cause of the security breach, the latest in a series during the past year.
VA officials also said that most department data remain unencrypted and that the department remains unaware of the number of portable computers and hard drives in use and of the information stored on them.
Lawmakers praised VA officials for efforts to centralize information technology at the department and raise awareness about data security among employees but "sharply questioned why long-recommended safeguards haven't been put in place," the AP/Daily Star reports.
Maureen Regan, counselor to the VA inspector general, said that the department has not fully implemented recommendations on data security included in a 2001 report or recommendations issued after a large security breach in May 2006.
Mansfield said, "We will get it done," adding, "There aren't any simple fixes" (AP/Arizona Daily Star, 3/1).