Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA New England Healthcare System (VISN 1)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on July 16, 2012. Also cited in 204 other reports.
Report ID: SPE000000077918, U.S. Department of Veterans Affairs
Reported Entity: VISN 01 White River Junction, VT
Issue:
Veteran called the MyHealTheVet Service desk and stated that while he was logged into his profile, the site would display the information and profile of another Veteran. The system allowed the 2 Veterans to create accounts with the same username. When this Veteran reset his account password answering his security questions the system tied his account into the second Veterans profile.Once this was reported to the service desk the account was disabled to prevent any further access. Update: 07/17/12:Both Veterans will be sent a letter offering credit protection services due to the combination of name and date of birth being exposed.
Outcome:
My HealtheVet accounts (2) deactivated requiring both Veterans to contact the Help Desk to create a new User Name and reactivation of accounts. CM leeter sent to Veteran B due to the fact that Veteran A was able to view Veteran B's profile information including first and last name, last 4 of SSN and address.SOP for the Help Desk is being revised and training will occur regarding timely reporting and procedure for reporting incidents.