VA Heartland Network (VISN 15)

Report ID: SPE000000068485, U.S. Department of Veterans Affairs

Reported Entity: VISN 15 Topeka, KS

Issue:

The Information Security Officer (ISO) received a call from the VA Police and stated the VA photographer lost a memory card. The ISO called the photographer. The photographer stated he picked up the camera memory card from a caregiver around 4:00 PM (right before the end of his shift) in order to upload the data to VistA imaging. The card contained photos and protected health information (PII) on ten Veterans. The photographer thought he placed the memory card next to his printer so he could upload the photos the next morning. He then went to the store after work and then went home. When he came back to his office the next morning on 11/09/11 and saw that it wasn't next to his printer, he immediately began looking for it and asked his wife to see if it was at his residence. He checked his pockets and his car but the device still hasn't been recovered. The employee's supervisor was notified. Update: 11/10/11:Due to fulll SSN being exposed, Ten (10) Veterans will be sent letters offering credit protection services.

Outcome:

Actions taken: 1. Images on camera after upload (& quality checks) are not saved, but the memory card or (SD) scan disk is formatted whereby any images/information previously is no longer identifiable.2. If by COB (close of business) or near the COB, staff is finished for the day and a memory card or disk is in their possession, but an upload of images was not possible; the memory card or disk will be protected & secured in a locked drawer within the staff departments locked office. 3. Employee trained in security & privacy programs protocols.