Thursday, 11/2, the VA confirmed a computer containing data about 1,600 U.S. military veterans was stolen from their Manhatten hospital.
According to the report, it was stolen from “a locked room in a locked hallway at the VA hospital. The theft occurred Sept. 6, but VA officials sent out a letter to veterans only within the past two weeks. The personal data of about 1,600 people was on the computer’s hard drive. It was the third theft of personal data from a VA facility in less than a year.”
The VA is offering credit monitoring to those impacted.
Considering the physical security that was reportedly in place, this seems likely to have been an inside job. Or, perhaps the doors were believed to be locked, but actually weren’t, or perhaps the doors were left ajar? So many possibilities.
With the great amount of publicity around the VA’s other computer losses this year, could this have been a targeted job?
Crooks and fraudsters are likely becoming quite aware of the types of activities they can perform with personal information if they read the papers, magazines or listen to the TV or radio even occasionally. The VA would likely been seen as a good target, with the perception that they have weak security in place, even with their announced efforts to improve security over the past few months. The vets’ information would also be seen as good data to use for fraud and crime since the president withdrew the offer to provide credit monitoring for the 26.5 million vets involved in the incident earlier this year.
At least the VA is offering monitoring in this case. Hopefully more will be done to beef up their information security efforts and implement changes to try and prevent such incidents from recurring.
This points out that with the insider threat, especially within facilities such as hospitals and other buildings with many visitors and non-employees coming and going, it is a good idea to encrypt personally identifiable information everywhere it is stored to help prevent negative repurcussions to the associated individuals from thefts such as this.
Tags: awareness and training, encryption, Information Security, IT compliance, policies and procedures, privacy, stolen computer, VA incident