Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
North Florida/South Georgia Veterans Health System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 13, 2014. Also cited in 64 other reports.
Report ID: PSETS0000101543, U.S. Department of Veterans Affairs
Reported Entity: NORTH FL/SOUTH GA HCS-GAINESVILLE - 573
Issue:
Police reported a VA employee has been caught selling Personally Identifiable Information (PII). The Veterans' full SSNs were compromised.
Outcome:
03/14/14: On 03/13/14, the Gainesville Police Department reported to the Information Security Officer (ISO) that a VA Tele Health Clerk had been selling PII. She was arrested on unrelated domestic charges and admitted to the Gainesville Police Detective to selling 7 Veterans' data. It is unknown how long this has been going on, however information has been provided for the current tax season. The suspect has not yet been interviewed by the VA Detective. 03/19/14: The OIG is involved and investigation is ongoing. We do not have any confirmed Veteran names yet to release. 03/21/14: The ISO is staying in contact with VA Police. No further information can be released at this time. 03/28/14: No additional information available at this time. 04/04/14: OIG has released 2 of the 7 names to allow for credit protection letters and Privacy is putting together the credit protection letters. No other information is to be released at this time as the investigation continues. The 2 Veterans will receive letters offering credit protection services. Protected health information (PHI) was not involved for these two Veterans. 05/01/14: Unable to obtain the remaining Veteran names. Earlier, when the VA Employee had initially confessed and made the statement that there were 5 others, she didn't know who they were and the data was at her residence. After she was release from jail for a different charge, she had been evicted and her belongings no longer there along with the information of the remaining 5 Veterans. OIG stated they would possibly look into other ways of determining what was taken but they did charge the person for the 2 confirmed names. They did not state if they were closing the case yet. The PO will give them a few business days to see what they may determine. The employee did come back to work in a different department and the facility stated they would ensure she didn't have access to any information.