Due to information being stored without adequate data security controls, VA took action to immediately suspend the operations of one of its cloud applications. The application was hosted on a Yahoo! website and VA doctors used it as a place to store Veterans’ medical data. VA plans to send notifications to the approximately 900 patients whose records were involved in the as yet unconfirmed security breach.
The application included the full names of patients, the last four digits of their Social Security numbers, and the dates and types of surgery that patients have undergone. In use since 2007, the hospital claims that many different doctors gained access to the application using the same password. They claim that the password had not been changed in three years.
The story is that VA information security employees became aware of the “mishandling of electronic information” sometime in late November. They became aware of this when they discovered that both doctors and employees in the orthopedics department of a VA hospital had been regularly updating a calendar of patient information on a Yahoo! cloud application.
Acting quickly, VA’s National Security Operations Center gave the order on November 24th for all of the information to be deleted and the calendar to be shut down. VA’s Assistant Secretary for Information and Technology Roger Baker issued a statement saying that the incident demonstrates the need for more capable secure IT tools across VA.
For more information, please visit: http://www.federalnewsradio.com/index.php?nid=35&sid=2211045