Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid-Atlantic Health Care Network (VISN 6)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 8, 2012. Also cited in 187 other reports.
Report ID: SPE000000075241, U.S. Department of Veterans Affairs
Reported Entity: VISN 06 Durham, NC
Issue:
Durham Employee A contacted United Services Automobile Association (USAA) concerning a potential loan. Employee A was notified by USAA that she was listed as the co-signer on a loan that was in default. She was further notified that the primary person on the loan was Durham Employee B. Employee A is a Veteran with a record in CPRS. Employee A believes that Employee B used the VA information system to access Employee As sensitive information. A Vista report run by the Information Security Officer (ISO) confirms that Employee B accessed the record of Employee A on 10/20/09 and on 10/28/10. Employee A contacted her immediate supervisors, the Information Security Officer and the VA Police to report this issue. VA Police are currently investigating this incident to determine its validity. While the investigation is ongoing, the information system access for Employee B has been disabled until the extent of the incident can be determined. Update: 05/08/12:Employee A will be sent a letter offering credit protection services due to name, SSN and other PII being accessed inappropriately.
Outcome:
The matter has been referred to Hospital Administration to take the appropriate disciplinary action.