[ISN] VA employees tap cloud apps on their own, posing security risk

From: InfoSec News <alerts_at_private>
Date: Thu, 23 Dec 2010 03:12:56 -0600 (CST)
http://www.nextgov.com/nextgov/ng_20101222_6852.php

By Bob Brewin 
Nextgov
12/22/2010

Computer savvy Veterans Affairs Department employees have started to use 
Internet-based services and tools that the VA does not provide on its 
systems, presenting a security challenge, according to its chief 
information officer. It's also a clarion call for the department to 
adopt these applications, CIO Roger Baker said on Wednesday during a 
media call about VA's monthly data breach report to Congress.

The November report revealed that employees in the Chicago VA hospital 
maintained a calendar on the Yahoo.com website that listed more than 
1,000 patients.

This schedule included patients' names, surgery dates, types of 
procedures and the last four digits of their Social Security numbers. An 
investigation revealed the facility's orthopedics department had used 
the Yahoo.com site since July 2007, according to the data breach report.

The investigation determined that four orthopedic residents shared the 
same Yahoo.com account and password to access the data, and in past 
years a rotating series of residents had access to that account.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Thu Dec 23 2010 - 01:12:56 PST

This archive was generated by hypermail 2.2.0 : Thu Dec 23 2010 - 01:23:08 PST