More than 2,100 veterans in Colorado and Kansas received an unpleasant alert just in time for Veterans Day.
A Department of Veteran Affairs worker sent an unencrypted email to himself that contained veterans’ personally identifiable information (PII), according to an Associated Press report.
The document included veterans’ first and last names, medical information, and last four digits of the veterans social security numbers. The employee spoke anonymously to the AP.
He told the news service that he emailed the veterans data to himself because he wanted to track delays the delays experienced by veterans in receiving care, which he felt would otherwise go unreported.
The Veteran Affairs department sent notifications to 2,100 veterans informing the individuals that their personal data may have been compromised.
“It is not clear which email service the employee in question used, but in the past healthcare organizations have received HIPAA violations for uploading patient data to cloud applications without evaluating their security,” Skyhigh Networks Senior Vice President of Products and Marketing Kamal Shah wrote in an email to SC Media.