Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
VA shuts down cloud app after breach
Wednesday - 1/12/2011, 11:16am EST
The Veterans Affairs Department is immediately shutting down one of its cloud applications after information was stored without proper data security controls.
The cloud application was on a Yahoo website that VA doctors used to store patients’ medical information.
According to a VA report, notifications of a possible security breach will be sent to nearly 900 patients.
The application contained information like the full names of patients, the dates and types of surgery, and the last four digits of patients’ Social Security numbers.
VA information security employees noticed the “mishandling of electronic information” in late November, when they realized that doctors and employees in the orthopedics department of a VA hospital were updating a calendar of patient information on a Yahoo.com cloud application.
The hospital had been using the calendar since 2007. Several different doctors accessed the application using the same password, which had not been changed in three years.
The VA’s National Security Operations Center ordered all of the information to be deleted and the calendar to be shut down on Nov. 24.
VA Assistant Secretary for Information and Technology Roger Baker says the incident shows the need for better, more secure IT tools for employees.