Another VA breach affects 1,600 veterans from New York system

Share this article:

The Department of Veterans Affairs (VA) is again warning veterans their identity may be at risk following the theft of an unencrypted laptop from the agency's New York Harbor Healthcare System.

The breach affects veterans who receive pulmonary care at the hospital, according to an Oct. 20 letter to veterans, released Wednesday by U.S. Rep. Carolyn Maloney, D-N.Y. The computer, stored in a locked room at the time of the theft, contained personal information, including names, Social Security numbers and diagnosis data, the letter said.

About 1,600 veterans were affected by the Sept. 6 theft, VA spokeswoman Jo Shuda told She was unsure if the laptop was encrypted. Duplicate patient listings incorrectly placed the number of affected vetersans at 2,400 earlier in the day, according to VA officials.

"It is difficult to assess the possibility that your personal information could be accessed from this computer," the letter said. "However, given that personal information is on the computer, a credit monitoring service will be purchased for all veterans potentially impacted by this incident."

The announcement of the theft came about six months after a laptop containing the personal information of millions of veterans and active duty personnel was stolen from the home of a VA employee.

The laptop eventually was turned in to police, and authorities do not believe any sensitive data was accessed. Since then, the VA has mandated all laptops be encrypted and, earlier this week, confirmed former U.S. Army Maj. Gen. Bob Howard as the new assistant secretary for information and technology at the VA.

"VA will become the gold standard in government for securing information, and Bob Howard has the technical expertise and managerial skill to help us achieve that objective," VA Secretary Jim Nicholson said Monday in a statement.

Still, Maloney - who represents some victims of the most recent breach - said she is not satisfied with the VA's security response.

"The VA seems to be mishandling this situation at every step of the way," she said. "First they lost yet another computer, then they waited almost two months to tell the veterans that their identities might be at risk. When is the VA finally going to get serious about protecting veterans' personal data?"

In the New York case, the laptop was not encrypted because it is a medical device, Shuda said. However, 82 percent of non-medical laptops managed by the healthcare system have been encrypted, she said.

Click here to email reporter Dan Kaplan.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Information sharing requires breaking down barriers, White House cyber guru says

Information sharing requires breaking down barriers, White House ...

The White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities.

Worm variant of Android ransomware, Koler, spreads via SMS

Worm variant of Android ransomware, Koler, spreads via ...

Upon infection, the Koler variant will send an SMS message to all contacts in the device's address book.

Patch for Windows flaw can be bypassed, prompts temporary fix from Microsoft

Patch for Windows flaw can be bypassed, prompts ...

The Windows zero-day received a patch last week, but the fix can still be bypassed by crafty attackers.