Weaknesses in the physical controls of laptops and other hardware
at U.S. Department of Veterans Affairs (VA) facilities has put the agency in
danger of suffering another data breach, according to the Government Accountability
The VA suffered a massive data breach last May when a laptop
was stolen from the Aspen Hill, Va., home of a department employee. The incident
affected 26.5 million veterans and active-duty members of the U.S. Armed
The theft of any one of 53 missing computers noted by the GAO could result in another breach, according to the agency.
Melvin said that GAO audits of four locations - medical
“Further, our limited tests of computer hard drives in the
excess property disposal process found hard drives at two of the four case
study locations that contained personal information, including veterans' names
and Social Security numbers,” reported the GAO.
A VA representative could not immediately be reached for
The GAO also took the VA to task for its failure to implement
its IT security management structure recommendations.
As of this month, the VA has implemented two of 22
recommendations made by its own inspector general, and two of four recommendations
from the GAO.
“Because these recommendations have not yet been implemented, the department will be at increased risk that personal information of veterans and other individuals, such as medical providers, may be exposed to data tampering, fraud and inappropriate disclosure.”