Application security, Data Security, Encryption, Network Security

2,100 veterans PII sent in unencrypted email

More than 2,100 veterans in Colorado and Kansas received an unpleasant alert just in time for Veterans Day.
A Department of Veteran Affairs worker sent an unencrypted email to himself that contained veterans' personally identifiable information (PII), according to an Associated Press report.

The document included veterans' first and last names, medical information, and last four digits of the veterans social security numbers. The employee spoke anonymously to the AP.
He told the news service that he emailed the veterans data to himself because he wanted to track delays the delays experienced by veterans in receiving care, which he felt would otherwise go unreported.
The Veteran Affairs department sent notifications to 2,100 veterans informing the individuals that their personal data may have been compromised.

“It is not clear which email service the employee in question used, but in the past healthcare organizations have received HIPAA violations for uploading patient data to cloud applications without evaluating their security,” Skyhigh Networks Senior Vice President of Products and Marketing Kamal Shah wrote in an email to SC Media.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.