Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Captain James A. Lovell Federal Health Care Center
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on August 6, 2014. Also cited in 22 other reports.
Report ID: PSETS0000107522, U.S. Department of Veterans Affairs
Reported Entity: CAPTAIN JAMES A. LOVELL FHCC - 556
Issue:
Employee A was just looking at the enterprise Health Management Platform (eHMP) site and noticed that a contractor (Contractor A) for the eHMP project has their onboarding documents on the page and at least one of them has his full SSN that can be seen by anyone with access to the site. The Information Security Officer (ISO) reviewed the site and discovered an additional 85 names.
Outcome:
08/06/14: This is a SharePoint site and is internal to the VA. The majority of the data was entered by a VA employee, however some was entered by the contractor. The site was open to VA staff and contractors. All the documents have been removed by the VA employee who entered most of the information. 08/07/14: A VHA employee stumbled upon this and reported it to the ISO. It was accessible from a secondary mouse click but the first name was on the main page. Everyone who had access to this site (VA and Contractors) all are required to take this training and they have completed it. The Incident Resolution Service Team determined that this was a policy violation. No data breach occurred.