Another VA breach affects 1,600 veterans from New York system

Share this article:

The Department of Veterans Affairs (VA) is again warning veterans their identity may be at risk following the theft of an unencrypted laptop from the agency's New York Harbor Healthcare System.

The breach affects veterans who receive pulmonary care at the hospital, according to an Oct. 20 letter to veterans, released Wednesday by U.S. Rep. Carolyn Maloney, D-N.Y. The computer, stored in a locked room at the time of the theft, contained personal information, including names, Social Security numbers and diagnosis data, the letter said.

About 1,600 veterans were affected by the Sept. 6 theft, VA spokeswoman Jo Shuda told SCMagazine.com. She was unsure if the laptop was encrypted. Duplicate patient listings incorrectly placed the number of affected vetersans at 2,400 earlier in the day, according to VA officials.

"It is difficult to assess the possibility that your personal information could be accessed from this computer," the letter said. "However, given that personal information is on the computer, a credit monitoring service will be purchased for all veterans potentially impacted by this incident."

The announcement of the theft came about six months after a laptop containing the personal information of millions of veterans and active duty personnel was stolen from the home of a VA employee.

The laptop eventually was turned in to police, and authorities do not believe any sensitive data was accessed. Since then, the VA has mandated all laptops be encrypted and, earlier this week, confirmed former U.S. Army Maj. Gen. Bob Howard as the new assistant secretary for information and technology at the VA.

"VA will become the gold standard in government for securing information, and Bob Howard has the technical expertise and managerial skill to help us achieve that objective," VA Secretary Jim Nicholson said Monday in a statement.

Still, Maloney - who represents some victims of the most recent breach - said she is not satisfied with the VA's security response.

"The VA seems to be mishandling this situation at every step of the way," she said. "First they lost yet another computer, then they waited almost two months to tell the veterans that their identities might be at risk. When is the VA finally going to get serious about protecting veterans' personal data?"

In the New York case, the laptop was not encrypted because it is a medical device, Shuda said. However, 82 percent of non-medical laptops managed by the healthcare system have been encrypted, she said.

Click here to email reporter Dan Kaplan.

Share this article:

Sign up to our newsletters

More in News

Apple hit with privacy class-action over iPhone location service

Apple hit with privacy class-action over iPhone location ...

A woman claims she did not realize the company was using location services to track her and accuses the company of giving the data to third parties.

Attackers compromise Gizmodo Brazil

Trend Micro is investigating whether a vulnerability was used to compromise Gizmodo Brazil and a logistics firm hosted by the same ISP.

Paddy Power breach impacting 650K customers dates back to 2010

Nearly 650,000 Paddy Power customers who made an account prior to 2010 had data compromised in a breach.