Once again a laptop was stolen containing veterans’ personal data. The last time this happened, the Department of Veterans Affairs (VA) paid out $20 million in a settlement in a class action suit brought by veterans.
The laptop stolen this time belonged to a contractor working for the VA. This laptop contained personal information on hundreds of veterans. This laptop’s information was not encrypted and that is a direct breach of the VA’s information technology policy.
The laptop was stolen April 28th and somewhere between 616 and 644 veterans whose personally identifiable information was stored on the laptop were immediately notified. Information encryption is a Congressional and VA mandate yet none of the data on this laptop was encrypted. This is despite the vendor previously certifying to the VA that all laptops storing veteran data were encrypted.
Following a short investigation, it was revealed 578 vendors would not sign contracts with the VA including clauses requiring them to encrypt all veteran information on their computers. Worse, the VA has taken no action against these vendors for refusing to follow the VA’s security measure rules.
The vendor from whom the laptop was stolen had numerous, widespread contracts with the VA. In a letter to VA Secretary Eric Shinseki, The VA’s Chief Information Officer said the VA is lacking in “its primary responsibility of protecting veterans’ personal information.”
The 578 vendors will be investigated to determine if any of them still have contracts with the VA and if they can be forced to encrypt their information without sacrificing health care. Hopefully this is the last time the VA will have to learn this lesson and will insist on their vendors following their own rules.
If you are a disabled veteran who has been denied disability compensation or have not yet applied for benefits from the VA, contact Veterans Help Group. You may be entitled to certain programs and benefits so contact our veterans disability rights firm today.