The Department of Veterans Affairs (VA) had, and still has, serious issues with their security. They have a history of stolen laptops, comprised social security numbers and personal identifications, and policies lacking clear focus. The last time this happened assurances were made that security policies would being tightened up, access to secure information would be limited, and new policies would be implemented to protect the VA and everyone associated with the VA. However, these policies only work when they are actually followed.
A claims examiner working for the VA plugged an unencrypted thumb drive into a computer attached to the VA network. The examiner was using the drive to store 240 veterans’ personal records, which, of course, included social security numbers. That examiner then went ahead and lost the drive. Another employee, in a separate incident, accessed veterans’ personal records, printed them out, and took them home. Both of these instances are clear violations of the VA’s policies.
VA Chief Information Officer Roger Baker detailed the two incidents to Congress this month during his data breach report. The results are obvious: security protocols implemented to protect personal information are being ignored.
The VA’s policies clearly ban any use of unencrypted thumb drives in any of their computers. The drive was found by a security guard, who took it home, showed it to his wife who recognized the information for what it was, and told him to return it. The thumb drive included personal information on veterans consisting of:
- Medical records;
- Financial records;
- Dates of birth;
- Addresses; and
- Social security numbers.
The other employee who printed out veterans’ information did so in order to create a Word document from the list. This not only offended the common sense of almost all VA employees, it violated the VA’s privacy and security protocols. The employee then tried to email the Word document to his email address at the VA. The document was rejected because it included social security numbers.
The VA has strict rules, policies, and protocols to prevent information from being stolen. While there has not yet been any word about if these 2 particular VA employees have faced any disciplinary action, hopefully the VA can use these incidents as a teaching example to the rest of the 300,000 VA employees.
If you are a disabled veteran who has been denied disability compensation or have not yet applied for benefits from the VA, contact LaVan & Neidenberg. You may be entitled to certain programs and benefits so contact our veterans disability rights firm today.