Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
Shows & Panels
VA shuts down cloud app after breach
Wednesday - 1/12/2011, 11:16am EST
The Veterans Affairs Department is immediately shutting down one of its cloud applications after information was stored without proper data security controls.
The cloud application was on a Yahoo website that VA doctors used to store patients’ medical information.
According to a VA report, notifications of a possible security breach will be sent to nearly 900 patients.
The application contained information like the full names of patients, the dates and types of surgery, and the last four digits of patients’ Social Security numbers.
VA information security employees noticed the “mishandling of electronic information” in late November, when they realized that doctors and employees in the orthopedics department of a VA hospital were updating a calendar of patient information on a Yahoo.com cloud application.
The hospital had been using the calendar since 2007. Several different doctors accessed the application using the same password, which had not been changed in three years.
The VA’s National Security Operations Center ordered all of the information to be deleted and the calendar to be shut down on Nov. 24.
VA Assistant Secretary for Information and Technology Roger Baker says the incident shows the need for better, more secure IT tools for employees.