Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
VA shuts down cloud app after breach
Wednesday - 1/12/2011, 11:16am EST
The Veterans Affairs Department is immediately shutting down one of its cloud applications after information was stored without proper data security controls.
The cloud application was on a Yahoo website that VA doctors used to store patients’ medical information.
According to a VA report, notifications of a possible security breach will be sent to nearly 900 patients.
The application contained information like the full names of patients, the dates and types of surgery, and the last four digits of patients’ Social Security numbers.
VA information security employees noticed the “mishandling of electronic information” in late November, when they realized that doctors and employees in the orthopedics department of a VA hospital were updating a calendar of patient information on a Yahoo.com cloud application.
The hospital had been using the calendar since 2007. Several different doctors accessed the application using the same password, which had not been changed in three years.
The VA’s National Security Operations Center ordered all of the information to be deleted and the calendar to be shut down on Nov. 24.
VA Assistant Secretary for Information and Technology Roger Baker says the incident shows the need for better, more secure IT tools for employees.