Two recent privacy breaches at the Veterans Affairs Department involved
employees who disregarded information security protocols they were trained
to follow, said Roger Baker, assistant secretary for information and
technology at VA.
One incident involved an employee who plugged a personal unencrypted thumb
drive into his computer at work and used it to inappropriately store
Social Security numbers and other personal data for 240 veterans. The
thumb drive was then lost inside a VA facility, found by a VA security
guard, taken home by the guard and finally returned to VA officials, who
declared the events a security breach.
In the other incident, a VA employee printed out Social Security numbers
and other personal information on 180 veterans and took the papers home,
where he typed the information into a Microsoft Word file on his home
computer. When he tried to send the file to his work account via e-mail,
VA's system flagged the message, resulting in discovery of the breach.
No comments:
Post a Comment