Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid-Atlantic Health Care Network (VISN 6)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 15, 2011. Also cited in 187 other reports.
Report ID: SPE000000063720, U.S. Department of Veterans Affairs
Reported Entity: VISN 06 Durham, NC
Issue:
On Wednesday, June 15, 2011, the Durham Information Security team received an email from an employee at the Durham Medical Center to alert us to an unencrypted email containing 41 employee names and social security numbers. A Durham Information Security Officer contacted the supervisor of the employee that sent the message and brought the incident to the attention of the Durham Privacy Officer and executive leadership. The unencrypted e-mail message was sent to 150+ VA employees within the VA Intranet. The responsible employee was instructed to recall the message as well as delete it from the inbox and deleted items folder. The incident has been reported to the VA National Security Operations Center and the employee will be taking the Privacy Awareness and Cyber Security Training within one week. The training certificates will be sent to the Durham Information Security Officer. Update: 06/15/11:Due to the number of individuals that received the unencrypted email with Employees full SSN, the 41 Employees will receive a letter offering credit protection services.
Outcome:
Employee retook VHA privacy and security awareness training.