http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9002252 By Linda Rosencrance August 08, 2006 Computerworld Editor's note: Due to an editing error, an earlier version of this story incorrectly said the stolen computer was a laptop. The U.S. Department of Veterans Affairs yesterday announced that a desktop computer containing the personal information on 38,000 veterans is missing from the office of Unisys Corp., the subcontractor hired to assist in insurance collection for the VA's medical centers in Pittsburgh and Philadelphia. "VA's inspector general, the FBI and local law enforcement are conducting a thorough investigation of this matter," Secretary of Veterans Affairs R. James Nicholson said in a statement. Unisys told the VA on Aug. 3 that the computer was missing from its Reston, Va., offices. The VA immediately sent a team to Unisys to help search for the missing computer and to determine exactly what information it contained. The VA said it believes the data involved is limited to veterans who received treatment at the two Pennsylvania medical centers during the past four years. According to the agency, the desktop computer may have contained patients' names, addresses, Social Security numbers and dates of birth, the names of their insurance companies, billing information, dates of military service and claims data that may include some medical information. The VA estimates that the computer contained information on approximately 5,000 patients treated at a center in Philadelphia, approximately 11,000 patients treated at a Pittsburgh facility and about 2,000 deceased patients. The VA is also investigating the possibility that the computer contained information on another 20,000 people who received care through the Pittsburgh medical center. VA officials are also working with Unisys about notifying those who may be affected and offering them credit-monitoring services. Unisys officials today continued their search for the missing desktop. The company can't say for certain that it was stolen and is not ruling out the possibility that it had been misplaced. "We can't find it. It's missing from where it's regularly housed and the building has been swept several times," said Lisa Meyers, a company spokeswoman. Unisys is continuing to review security tapes, records and logs and conduct interviews. "It is ongoing," said Meyers of the company's search for the desktop. The Reston facility from which the computer disappeared has been used by Unisys since June 2004, said Meyers. There have been no previous reports of thefts from it. The work being done for the VA wasn't classified, although Unisys does work for other government agencies that is classified, and the building has security guards working around-the-clock, with video monitoring of exits and entrances -- including elevators -- as well as a need for key cards. The desktop data was not encrypted, and there was no requirement for that under the government's contract, said Meyers. In addition to alerting U.S. government authorities about the incident, Unisys filed a report with the Fairfax County Police Department. A review of two months' worth of weekly police reports posted online shows on average about four computer thefts a week either from vehicles, residences or offices in the county. A police spokesman said there was no particular trend pointing to an increase in computer thefts. The investigation is continuing, VA officials said. "VA is making progress in efforts to reform its information technology and cybersecurity procedures, but this report of a missing computer at a subcontractor's secure building underscores the complexity of the work ahead as we establish VA as a leader in data and information security," Nicholson said in the statement. The loss of this computer comes just two days after Montgomery County Police in Maryland announced the arrests of two men accused of stealing a VA laptop and hard drive that contained identifying information on 26.5 million of veterans and active-duty military personnel in May. That laptop was recovered in June, and the VA does not believe that any of the personal information contained on it was compromised. -=- Computerworld's Patrick Thibodeau contributed to this report. _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Aug 09 2006 - 22:47:08 PDT