Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
South Central VA Health Care Network (VISN 16)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 11, 2012. Also cited in 317 other reports.
Report ID: SPE000000073960, U.S. Department of Veterans Affairs
Reported Entity: VISN 16 Muskogee, OK
Issue:
VA shared files were sent to users by accident. The users who opened the files looked at other staff and co-workers' performance evaluations and other personal documents, including the full SSN. It was reported that one employee sent the information to her home computer and shared it with other employees. Update: 04/16/12: The Privacy Officer (PO) and Information Security Officer (ISO) will attempt to interview the employee who shared other employees' information with co-workers. IT staff have removed the shared folder. The ISO will meet with the service line director to inform her of the accusation against the employee. 04/16/12: According to the ISO, approximately 178 employees' information was on the share drive. The IT Department is unable to tell how many individuals looked at the records, or what was copied. At this time it is unknown if the information is still on the home computer. The employee has not been interviewed due to the employee working night shift. The ISO and the PO is scheduled to interview the employee this week. The service chief has been notified and will be dealing with any personnel/administrative actions. 04/16/12: The number of employees affected is over 200 past and present employees. 04/17/12: The PO and ISO interviewed the employee concerning information sent home to her computer. Employee stated sent it home so could later call the IT technician to confirm what information was exposed and where on the portal it was. She also stated she was unable to open the attachment that she sent to her home computer. The IT Department was contacted to remove files or correct permission. 04/30/12: The revised counts (due to duplicates) are 91 Employees had full SSN exposed, and 5 Employees had name and partial SSN exposed, therefore 91 Employees will receive a letter offering credit protection services and 5 Employees will receive a general notification letter.
Outcome:
Employees re-educated, trained and made aware of privacy and security issues.