An IT worker at the U.S. Department of Veterans Affairs didn’t properly secure data stored on an external hard drive that was lost or stolen in January, and he then initially lied about the scope of the data breach, according to a June 29 report by the VA’s inspector general.

But the 79-page report also blamed officials at the VA’s medical center in Birmingham, Ala., for letting the worker access “vast amounts” of information that was beyond the scope of the projects he was working on. In addition, the directors of the center were taken to task for not ensuring that proper safeguards were put in place for securing data on external drives.

The Iomega drive, which has yet to be recovered, contained Social Security numbers and other personal data on more than 250,000 veterans and 1.3 million medical providers.

VA Inspector General George Opfer’s report recommended that the agency take “appropriate administrative action” against the worker in question, who is classified as an IT specialist, and the top two officials at the Birmingham facility. The report also called on VA CIO Robert Howard and the undersecretary in charge of the agency’s medical facilities to create new data security policies and upgrade existing ones.

This entry was posted on Monday, July 9th, 2007 at 6:30 am and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.