http://www.govexec.com/story_page.cfm?articleid=37563 By Ben Evans Associated Press July 24, 2007 WASHINGTON (AP) -- More than a quarter of the computer equipment at the Veterans Affairs Medical Center in Washington could not be found by investigators, government auditors reported Tuesday. Three other VA facilities showed slightly better results but still could not locate between 6 percent and 11 percent of their equipment, including computers, hard drives, monitors and other devices. In all, the four facilities audited by the Government Accountability Office reported more than 2,400 missing items originally worth $6.4 million. Aside from decrying potentially wasted tax dollars, lawmakers said the report raises fresh questions about the security of the agency's information, including sensitive medical records and Social Security numbers. The audit follows a series of computer data security breaches at the agency that exposed millions of veterans and medical providers to possible identity theft. "It has a very corrosive effect on trust in the VA in general," said Rep. Tim Walz, D-Minn. "I think all of us up here are sensing the frustrations of our constituents and our veterans." For the audit, the GAO sampled equipment inventories at medical centers in Washington, San Diego, Indianapolis and at VA headquarters offices. The auditors said much of the equipment that could be found was not where inventory records said it should be. Equipment often was moved or set aside for discard without documentation. As a result, it was difficult or impossible to determine what had happened to the missing equipment, the report said. Equipment slated for disposal -- some containing sensitive records -- often sat unprotected in storage rooms for months or years, the report said. "Essentially no one was accountable for IT equipment," it said. The GAO found similar weaknesses in a survey of six VA facilities in 2004. GAO officials testified at a House hearing Tuesday that the VA has made some improvements since then but still has not established effective inventory controls or held users accountable for equipment. VA officials did not dispute the findings, but said they were making progress. Since the three-month audit was completed, officials said they had located much of the missing equipment or had verified that it was sent to surplus. Robert Howard, VA's assistant secretary for information and technology, said he did not believe the agency has enough manpower to keep up with the problem. "It is a situation that we are working hard to remedy," he said. The VA has been under intense scrutiny in the past year over the quality of its care for veterans and a series of information technology blunders. Last year, the VA lost data on 26.5 million veterans when computer equipment was allegedly stolen in Maryland. In January, a VA hospital in Birmingham, Ala., lost sensitive data on more than 1.5 million people when a hard drive went missing. A recent internal review of that incident found that the medical center repeatedly failed to follow policies and regulations to protect information -- including in storing the hard drive. VA Secretary Jim Nicholson announced his resignation last week. Copyright 2007 The Associated Press _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Tue Jul 24 2007 - 22:44:45 PDT