Analysis of The Veteran Affairs Data Breach Research Paper

Exclusively available on Available only on IvyPanda® Made by Human No AI

The Veteran Affairs (VA) data breach in 2006 was not so much an attack as it violated access controls and mishandled of private and personal information. A VA employee who was a data analyst reported a laptop stolen from his home with approximately 26.5 million Veteran’s data that included names, date of births, social security numbers, and disability ratings (Stout, 2006). The majority of the data in the hard drive was linked to the veterans and their spouses.

At present, there are numerous federal requirements to protect personal information and respond to data breaches. First, it is a federal requirement that all private and personal data have to be encrypted at all stages from storage, transfer, processing, and data being discarded. Second, all personal identification data should not leave the company premises without proper safeguards and authorization. Finally, there should be an effective and timely notification procedure when a data breach has been detected or reported. Millions of veterans were potentially vulnerable to identity theft because of the VA data breach, hence the VA settling out of court without admitting they broke any laws. The VA inspector general’s (IG) report faulted both the data analyst and his supervisors for the data breach. The unencrypted data included names, birthdates, and social security numbers. The 2006 incident was the second occurrence since 2004 that the VA was found in violation of the Federal Information Security Management Act and the notification requirements outlined in the GLBA.

In the VA case, there are some information security and privacy issues that made the organization and its assets more susceptible to attacks. First, the personal and private data on the laptop hard drive was required by VA Information Security procedures to be encrypted, but it was not encrypted (Stout, 2006). Second, the VA employee, a data analyst, did not have the proper authorities or permissions to remove the laptop, much less one having unencrypted data from the VA server or facility. Finally, the VA Supervisors delayed notifications of the data breach to the Veterans Affairs’ Secretary for almost three weeks after the employee reported the laptop stolen from his home leaving the company even more vulnerable.

Since the 2006 VA data breach, significant progress has been made in implementing improved security and privacy controls. First, the organization has invested heavily in information technology systems, IT specialists, and information security training to mitigate data loss, such as those experienced in 2006 (Mosquera, 2012). Second, an IT and security policy procedure, as well as notification and reporting methods and timelines, have been put in place.

The VA leadership could have played a critical role in minimizing organizational risk and impact by taking immediate and decisive actions. For instance, the VA supervisors failed to report the stolen employee’s laptop on time, which indicates that there were no laid down procedures on how data breaches were to be reported (Vijayan, 2007). The VA IG report indicated the VA lacked a data breach plan and lacked an acceptable (if any) data breach training program for their employees. This is surprising as the VA had a similar data breach just a few years earlier. Luck for VA, there was no evidence that the person responsible for the laptop’s theft had gained unauthorized access to the personal information as reported by the FBI. While the computer was eventually recovered almost a month after it was stolen, the VA paid a $20 million settlement without admitting any guilt, any violations of the privacy act, or any other legal basis for liability (Conn, 2009).

References

Conn, J. (2009). . Modern Healthcare.

Mosquera, M. (2012). . Healthcare IT News.

Stout, D. (2006). . The New York Times.

Vijayan, J. (2007). . Computerworld.

More related papers Related Essay Examples
Cite This paper
You're welcome to use this sample in your assignment. Be sure to cite it correctly

Reference

IvyPanda. (2022, June 16). Analysis of The Veteran Affairs Data Breach. https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/

Work Cited

"Analysis of The Veteran Affairs Data Breach." IvyPanda, 16 June 2022, ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/.

References

IvyPanda. (2022) 'Analysis of The Veteran Affairs Data Breach'. 16 June.

References

IvyPanda. 2022. "Analysis of The Veteran Affairs Data Breach." June 16, 2022. https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/.

1. IvyPanda. "Analysis of The Veteran Affairs Data Breach." June 16, 2022. https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/.


Bibliography


IvyPanda. "Analysis of The Veteran Affairs Data Breach." June 16, 2022. https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/.

If, for any reason, you believe that this content should not be published on our website, please request its removal.
Updated:
This academic paper example has been carefully picked, checked and refined by our editorial team.
No AI was involved: only quilified experts contributed.
You are free to use it for the following purposes:
  • To find inspiration for your paper and overcome writer’s block
  • As a source of information (ensure proper referencing)
  • As a template for you assignment
1 / 1