Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Healthcare System (VISN 10)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 3, 2012. Also cited in 119 other reports.
Report ID: SPE000000071399, U.S. Department of Veterans Affairs
Reported Entity: VISN 10 Columbus, OH
Issue:
A Non-VA Government Agency sent an unencrypted email containing a Veteran beneficiary's full name, full SSN, date of birth along with information about a legal issue involving Municipal Court to multiple email addresses to include VA Staff. A member of the VA Staff replied to all without applying protection or removing the information to prevent further exposure. Update: 02/06/12:The email was not blocked by Ironport. The Veteran will receive a letter offering credit protection services.
Outcome:
The Information Security Officer (ISO) discussed in depth with the supervisor and facility management regarding "due care" and methods for ensuring encryption either between agencies or prior to reply or forward, to remove personally identifiable information (PII) or encrypt. The supervisor is educating staff and is to ensure that VA staff permanently delete unencrypted versions within their mailbox. The supervisor is also reviewing the initiative for improvements in communication between agencies.