Thursday, July 26, 2007

VA Lost 53 Computers, Auditors Say

Oh, for the love of God. What's this, the third time this year? Somebody needs to pull their head out and make sure accountability is happening.

VA lost 53 computers, auditors say

Amy Doolittle - Staff writer
Posted : Wednesday Jul 25, 2007 10:59:08 EDT

The Veterans Affairs Department has lost 53 computers that could include veterans’ sensitive, personal information, a new Government Accountability Office report said.

The computers are missing from four locations across the country. McCoy Williams, director of financial management and assurance at GAO, said veterans’ information possibly could be stolen as a result of the losses.

Williams said VA does not know who was using the computers before they went missing or what information was stored on them.

“We’re not sure ... we basically looked at the environment from a standpoint of ‘could it happen,’ and based on what we saw, the possibility exists” for information to be stolen, he said. “In a situation like this, you only need one case for messing up a whole lot of people.”

VA officials cautioned that missing laptops do not necessarily equal stolen information but nevertheless said the chance for a security breach still exists.

“I would say there’s a slim chance of it being stolen,” said Robert Howard, assistant secretary for information and technology at VA. “With all of the problems we’ve had, I have not encountered any case to my knowledge of identity theft as a result of these instances. Will information be exposed to the wrong people? Yes, we do have knowledge of that.”

The GAO audited three VA medical facilities and VA headquarters as part of their investigation. They found that as of March, officials at the Washington, D.C., VA medical center did not know the location of 28 percent of their information technology inventory. Six percent of the IT inventory was missing from the Indianapolis medical center, 10 percent from the San Diego center and 11 percent from D.C. headquarters.

“The four locations we audited put IT equipment at risk of theft, loss and misappropriation and pose continuing security vulnerability to our nation’s veterans with regard to sensitive data maintained on the equipment,” Williams said Tuesday at a hearing of the House Veterans Affairs oversight and investigations subcommittee.

The GAO also found that used hard drives waiting to be cleared were stored in unsecured bins at the facilities, even though many of them contained sensitive data. Rooms where potentially sensitive data was stored also lacked required security, auditors said.

“When you leave those hard drives, there’s always a possibility that someone will come in and take it,” Williams said at the hearing.

In addition to the items that are currently missing, the audited VA locations reported a total of 2,400 missing IT items valued at $6.4 million over 2005 and 2006, GAO found.

VA officials said they are working to put in place better safeguards to keep tabs on where equipment goes and who has it. They said they have put together a handbook for tracking equipment and will soon put in place new tracking software.

Officials said that since the investigation was concluded, 1,457 of the 1,900 items missing from headquarters have been recovered. That leaves 443 items that are simply lost and likely will never be recovered, they said.

Last year, the personal information of over 26 million veterans and active-duty personnel was lost when a VA laptop was stolen from the Maryland home of a VA analyst. That computer was recovered several months later.

Rep. Tim Walz, D-Minn., an Iraq veteran, said the effects of data insecurity extend beyond potential loss. He said the carelessness of VA is demoralizing to veterans.

“It has a very corrosive effect in trusting the VA in general,” Walz said. “Each of the [committee] members are sensing the frustration among constituents and veterans that this is one of the issues we speak of often and see very little movement on.”


Attila The Mom said...

[Just shaking my head]

This seems to happen an awful lot, doesn't it?

Scully's Moulder said...

I know. It's crazy. And what's really bad is for those folks that were prior service (like me) who married a military person (like I did). It like couble whammys, you know? If it isn't the VA losing or exposing information, then it's SAIC (information manager for TRICARE) transmitting records in an unsecure fashion. But then away from the military side of things, CITIGROUP has made a complete charlie foxtrot of the US Passport processing system by losing, not misplacing, not delayed, but poof gone, losing US Passport applications. I feel a more lengthy post about this coming on.