VA left thousands of patient records open to view in shared drives

A regional Veterans Affairs Department in Milwaukee mishandled patients personal data, leaving medical records, internal communications and other information available for unauthorized personnel to access, according to Nextgov.

The VA Inspector General found that the regional office was strong patient data on two shared drives through the Veterans Benefits Administration's network. A whistleblower alerted the inspector general of this in September 2018. Because the data was being stored on open networks, around 25,000 remote users could access patients' sensitive information.

"The inadequate protection of sensitive personal information places veterans' data at risk and could undermine the credibility of VBA and [veteran service organizations] in positions of trust," the inspector general said in a statement, according to Nextgov. "Veterans should have confidence that their sensitive personal information is handled strictly in accordance with federal laws and VA regulations."

Patient data that may have been exposed included medical records, information about medical examinations and disability claims decisions, and veterans' statements in support of their claims. Additionally, patients' names, addresses, dates of birth and phone numbers may have been affected. The information stored in the shared drives dated back to 2016.

It's unclear how many patients had their data exposed. In the report, investigators determined that the VA mishandled the information due to negligence, poor technical controls and insufficient oversight.

More articles on cybersecurity:
8 hospitals, health systems hit by ransomware attacks
Cancer Treatment Centers of America alerts 3,200 patients of data breach
Why cyberattacks can be crippling to smaller hospitals


© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers