Another VA breach affects 1,600 veterans from New York system

Share this article:

The Department of Veterans Affairs (VA) is again warning veterans their identity may be at risk following the theft of an unencrypted laptop from the agency's New York Harbor Healthcare System.

The breach affects veterans who receive pulmonary care at the hospital, according to an Oct. 20 letter to veterans, released Wednesday by U.S. Rep. Carolyn Maloney, D-N.Y. The computer, stored in a locked room at the time of the theft, contained personal information, including names, Social Security numbers and diagnosis data, the letter said.

About 1,600 veterans were affected by the Sept. 6 theft, VA spokeswoman Jo Shuda told She was unsure if the laptop was encrypted. Duplicate patient listings incorrectly placed the number of affected vetersans at 2,400 earlier in the day, according to VA officials.

"It is difficult to assess the possibility that your personal information could be accessed from this computer," the letter said. "However, given that personal information is on the computer, a credit monitoring service will be purchased for all veterans potentially impacted by this incident."

The announcement of the theft came about six months after a laptop containing the personal information of millions of veterans and active duty personnel was stolen from the home of a VA employee.

The laptop eventually was turned in to police, and authorities do not believe any sensitive data was accessed. Since then, the VA has mandated all laptops be encrypted and, earlier this week, confirmed former U.S. Army Maj. Gen. Bob Howard as the new assistant secretary for information and technology at the VA.

"VA will become the gold standard in government for securing information, and Bob Howard has the technical expertise and managerial skill to help us achieve that objective," VA Secretary Jim Nicholson said Monday in a statement.

Still, Maloney - who represents some victims of the most recent breach - said she is not satisfied with the VA's security response.

"The VA seems to be mishandling this situation at every step of the way," she said. "First they lost yet another computer, then they waited almost two months to tell the veterans that their identities might be at risk. When is the VA finally going to get serious about protecting veterans' personal data?"

In the New York case, the laptop was not encrypted because it is a medical device, Shuda said. However, 82 percent of non-medical laptops managed by the healthcare system have been encrypted, she said.

Click here to email reporter Dan Kaplan.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.