Once Again They’ve Had A Breach
Just posted on CBS: 38,000 Vets’ Data Missing
VA Secretary Jim Nicholson said that Unisys Corp., a subcontractor hired to assist in insurance collections for VA medical centers in Philadelphia and Pittsburgh, reported the missing computer last Thursday. The computer was being used in Unisys offices in Reston, Va.
It is not yet known what happened to the computer, Nicholson said, adding that local and federal authorities are investigating.
The computer is believed to contain names, addresses, Social Security numbers, dates of birth, insurance carriers and claims data including medical information for veterans who received care at the hospitals in Philadelphia and Pittsburgh during the past four years.
Why are they still putting records on laptops in an unencrypted format? What does it take to convince these people to introduce some security for the records of the people they are supposed to be serving?
This is another example of Republicans' total lack of awareness of the need to actually provide security. This is why outsourcing and privatizing government functions is not always a good idea.
If you have been to the facilities in Pennsylvania in the last four years, you have something more to worry about, because the Republicans obviously don’t care.
2 comments
I’m not allowed to bring in or take out from my worksite the following: mp3 players, thumbdrives, CDs, floppy disks, cell phones, PDAs, laptops and any type of recordable media. But then, I work at a DoD facility and Def is way more security-conscious than even the FBI(!). If only the VA was as vigilant about security as the Department of Defense.
I have a client for which I’ve done three projects over the years. Their work sits on a separate physical bootable hard disk that I have to install in a machine when I do work for them. The entire disk is encrypted beyond the basic operating system and it has never been near the Internet.
All correspondence is encrypted.
Their basic service is a specialized training course, but they don’t want anyone to discover their pricing or client list.
If a training company can be that security-conscious [and no, they are not in a particularly secretive market, they are actually very mundane], why can’t the bloody government?
These guys are protecting trade secrets and their business model. You would think government personnel records would rate a bit higher, especially after the last loss.
[You probably heard that Furby was banned from NSA sites because of its recording capability.]