Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
VA shuts down cloud app after breach
Wednesday - 1/12/2011, 11:16am EST
The Veterans Affairs Department is immediately shutting down one of its cloud applications after information was stored without proper data security controls.
The cloud application was on a Yahoo website that VA doctors used to store patients’ medical information.
According to a VA report, notifications of a possible security breach will be sent to nearly 900 patients.
The application contained information like the full names of patients, the dates and types of surgery, and the last four digits of patients’ Social Security numbers.
VA information security employees noticed the “mishandling of electronic information” in late November, when they realized that doctors and employees in the orthopedics department of a VA hospital were updating a calendar of patient information on a Yahoo.com cloud application.
The hospital had been using the calendar since 2007. Several different doctors accessed the application using the same password, which had not been changed in three years.
The VA’s National Security Operations Center ordered all of the information to be deleted and the calendar to be shut down on Nov. 24.
VA Assistant Secretary for Information and Technology Roger Baker says the incident shows the need for better, more secure IT tools for employees.