Computer Stolen From VA Subcontractor
Missing PC May Contain Names, Social Security Numbers, Medical Data
|
TOOLBOX
   Resize
COMMENT
 Discussion Policy
 CLOSE
Comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site. Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. Finally, we will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site. Please review the full rules governing commentaries and discussions. You are fully responsible for the content that you post.
Who's Blogging  |
Monday, August 7, 2006; 4:54 PM
The Veterans Affairs Department today confirmed that a subcontractor, Unisys Corp., had informed the department that a desktop computer containing sensitive personal information of veterans is missing from the company's offices. It is the second VA data compromise in three months.
Unisys said the desktop computer contained billing records with information for veterans who sought treatment at two VA medical centers, one in Philadelphia and one in Pittsburgh. The information includes names, address, Social Security numbers and dates of birth. It does not include personal financial information.
"The data were used only for insurance collections management purposes and may include insurance carrier and billing information as well as claims data with some medical information," Unisys said in a statement.
Unisys was hired to assist in insurance collections for VA's medical centers in Pittsburgh and Philadelphia.
"VA's inspector general, the FBI and local law enforcement are conducting a thorough investigation of this matter," said VA secretary James Nicholson.
Earlier, the offices of New Jersey Republican Reps. Frank LoBiondo and Jim Saxton confirmed that local, state and federal law enforcement, including the FBI, are investigating the theft of a desktop computer from the contractor's office. VA notified the congressmen's offices Friday evening that information for veterans living in the Pittsburgh, Philadelphia and Southern New Jersey areas might be compromised.
Unisys notified VA Aug. 3 that the computer was missing from its Reston, Va., offices. VA immediately dispatched a team to Unisys to assist in the search for the missing computer and to help determine the precise nature of the information it may have contained.
Unisys had observed security controls, but there was not a requirement to encrypt the data, said Unisys spokeswoman Lisa Meyer.
"The building and floor where the computer was located require security protocols for physical access. Log-in and password protocols also were required to access the data, which were stored in a database on the computer," she said.
"Unisys takes very seriously its responsibility to safeguard individuals' personal information and shares the concerns this incident will cause," the company said. It will also work with VA regarding the notification of potentially affected veterans and the offer of credit monitoring.
While the investigation is in an early stage, VA believes the records involved are limited to people who received treatment at the two Pennsylvania medical centers during the past four years.
Initial estimates indicate the desktop contained information on approximately 5,000 patients treated at Philadelphia, approximately 11,000 patients treated at Pittsburgh and approximately 2,000 deceased patients. VA is also investigating the possibility the computer may have contained information on approximately 20,000 other people who received care through the Pittsburgh medical center.
