Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Dataloss] follow-up: VA sets aside $20 million to handle latest data breach

From: security curmudgeon (jerichoattrition.org)
Date: Fri Jun 15 2007 - 02:04:42 CDT

---------- Forwarded message ----------
From: InfoSec News <alertsinfosecnews.org>


By Daniel Pulliam
June 14, 2007

The Veterans Affairs Department has set aside more than $20 million to
respond to its latest data breach, the agency's top technology officer
said Thursday.

The department does not expect to spend the full $20 million, but
designated that much because the breach potentially puts the identities of
nearly a million physicians and VA patients at risk, said Bob Howard, the
department's chief information officer. Howard spoke at The E-Gov
Institute's Government Health IT Conference and Exhibition in Washington.

"We have no evidence that [information is at risk]. None whatsoever, but
we don't take the chance," Howard said. "The attitude of the VA right now
is if we think we've put anybody's information at risk, then we need to
step up to the plate and try to remedy that."

The breach occurred in January, when a hard drive went missing from a
Birmingham, Ala., VA medical research facility. The drive contained highly
sensitive information on nearly all U.S. physicians and medical data for
more than a half million VA patients. Any physician who billed Medicaid
and Medicare through 2004 could be affected.

The hard drive has not been recovered. The VA estimates that about half of
the 1.3 million doctors whose information was on the hard drive, and
254,000 veterans, are potentially at risk. This group was notified by mail
at the end of May. The letters noted that VA is providing credit
monitoring services through a General Services Administration blanket
purchase agreement from the multiple award schedules program.

Dataloss Mailing List (datalossattrition.org)
Tracking more than 209 million compromised records in 700 incidents over 7 years.