• E-mail
• Print
• RSS

Alabama veterans' hospital faulted in data security breach

Healthcare Security Weekly, July 9, 2007

An internal report said an Alabama Veterans Administration (VA) hospital that lost sensitive personal data on more than 1.5 million people in January repeatedly failed to follow privacy regulations, reported the Associated Press (AP)

In an effort to hide the magnitude of the security breach, the employee directly responsible for the data initially lied to investigators and deleted files from his computer, the Veterans Affairs inspector general wrote.

The VA hospital did not protect the vast majority of the data, including Social Security numbers and private health information, by using passwords or computer encryption. The information could be used to commit Medicare billing fraud or identity theft, the report said. The report recommended "administrative action" against several employees, including the staffer, the managers of the program where he worked, and the head of the Birmingham VA Medical Center.

The security breach occurred Jan. 22, when employees discovered an external computer hard drive missing from a satellite office that conducts specialty research on healthcare. Investigators determined the drive contained information for more than 250,000 veterans and about 1.3 million medical providers across the country.

• E-mail to a Colleague
• Print
• RSS
• Archive