VA Provides Update on Possible Data Breach

Published: February 13, 2007

WASHINGTON – The Department of Veterans Affairs (VA) has issued an update on the information potentially contained on a missing government-owned, portable hard drive used by a VA employee at a Department facility in Birmingham, Ala.

“Our investigation into this incident continues, but I believe it is important to provide the public additional details as quickly as we can,” said Jim Nicholson, Secretary of Veterans Affairs.  “I am concerned and will remain so until we have notified those potentially affected and get to the bottom of what happened.

“VA will continue working around the clock to determine every possible detail we can,” Nicholson said.

VA and VA’s Office of Inspector General have learned that data files the employee was working with may have included sensitive VA-related information on approximately 535,000 individuals. The investigation has also determined that information on approximately 1.3 million non-VA physicians – both living and deceased – could have been stored on the missing hard drive. It is believed though, that most of the physician information is readily available to the public. Some of the files, however, may contain sensitive information.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

VA continues to examine data on the employee’s work computer. The employee has been placed on administrative leave pending the outcome of the investigation. VA has no information the data has been misused.

The non-VA physician data is used by VA to enhance the quality of care for veterans by analyzing and comparing information about the health care received from VA and non-VA providers.

Next week, VA will begin making notifications to individuals whose sensitive information may have been on the hard drive. VA is also making arrangements to provide one year of free credit monitoring to those whose information proves compromised.

“VA is unwavering in our resolve to bolster our data security measures,” Nicholson added.  “We remain focused on doing everything that can be done to protect the personal information with which we are entrusted.”

On January 22, the employee, who works at the Birmingham (Ala.) VA Medical Center, reported the external hard drive was missing. On January 23, VA’s IG was notified. The OIG opened a criminal investigation, sent special agents to the medical center, and notified the FBI. VA’s Office of Information & Technology in Washington, D.C., also dispatched an incident response team to investigate.

The OIG seized the employee’s work computer and began analyzing its contents. This analysis continues and VA IT staff has been providing technical support.

In addition to the ongoing criminal investigation, the OIG initiated an administrative investigation to determine how such an incident could occur.

VA is operating a call center that individuals can contact to get information about this incident. That toll-free number is 1-877-894-2600. The call center will operate every day from 7 a.m. to 9 p.m. CST as long as it is needed.


VA Press release. Additional information is available at

Posted in: News

Tagged with:

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series