The Department of Veterans Affairs’ (VA) security policies have once again been violated, putting patients and their personal information at risk. This time, however, it wasn’t a stolen laptop or an unsecured jump drive violating the VA’s security protocols. According to the VA’s monthly congressional report, several doctors at some of Chicago VA’s medical centers were using an unsecured Yahoo! calendar application to schedule patients’ appointments. The publication of the confidential medical information affected approximately 900 patients and is in direct violation of the VA’s rule forbidding patient information being stored outside the VA’s firewalls.
The information stored on the unsecured, online calendar included:
- Social security numbers;
- Full names;
- Types of surgery;
- Dates or surgery; and
- Other information.
Apparently such information has been stored on the online calendar since July of 2007. The password established for that calendar back in 2007 is the same password still in use today, according to the report. Given the somewhat transient nature of residents in medical facilities, it is probably a safe bet to say a fair number of people had access to the password over the years and potentially still know that password.
Once again, VA spokespeople used this incident to highlight their need for more IT tools to build a more secure VA; cloud-based tools were highlighted in particular. VA doctors are supposed to use their secure network to store patient information. Even the most secure VA network depends on the users maintaining the security. In this situation, posting patient information online could not have been stopped by more state-of-the-art or more effective security tools.
If you are a disabled veteran who has been denied disability compensation or have not yet applied for benefits from the VA, contact Veterans Help Group. You may be entitled to certain programs and benefits so contact our veterans disability rights firm today.