Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Alexandria VA Health Care System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 6, 2014. Also cited in 16 other reports.
Report ID: PSETS0000105096, U.S. Department of Veterans Affairs
Reported Entity: ALEXANDRIA LA - 502
Issue:
Employee A reported via Outlook that he was conducting an Intranet search for "Rackstraw" and the results showed a link to an excel document that included 50K Veteran names, homeless status, and full SSN. Employee A also reported the event via email to VACO Privacy Service. Immediately upon reading message, the Privacy Officer (PO) submitted information to the VA Privacy Issues mailgroup and entered a ticket.
Outcome:
06/09/14: This was internal to the VA only. In order to find the document, someone would have to know specifically what to search for. Additionally: permissions were fixed as soon as this was reported and access is no longer open. Also, this was only visible to VA employees, thus a low risk of compromise of data. he Incident Resolution Team has determined that there was a policy violation. While there was an unauthorized disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.