Home > Free Essays > Tech & Engineering > Accidents & Protection > Analysis of The Veteran Affairs Data Breach

Analysis of The Veteran Affairs Data Breach Research Paper

Exclusively available on IvyPanda Available only on IvyPanda
Updated: Jun 16th, 2022

The Veteran Affairs (VA) data breach in 2006 was not so much an attack as it violated access controls and mishandled of private and personal information. A VA employee who was a data analyst reported a laptop stolen from his home with approximately 26.5 million Veteran’s data that included names, date of births, social security numbers, and disability ratings (Stout, 2006). The majority of the data in the hard drive was linked to the veterans and their spouses.

At present, there are numerous federal requirements to protect personal information and respond to data breaches. First, it is a federal requirement that all private and personal data have to be encrypted at all stages from storage, transfer, processing, and data being discarded. Second, all personal identification data should not leave the company premises without proper safeguards and authorization. Finally, there should be an effective and timely notification procedure when a data breach has been detected or reported. Millions of veterans were potentially vulnerable to identity theft because of the VA data breach, hence the VA settling out of court without admitting they broke any laws. The VA inspector general’s (IG) report faulted both the data analyst and his supervisors for the data breach. The unencrypted data included names, birthdates, and social security numbers. The 2006 incident was the second occurrence since 2004 that the VA was found in violation of the Federal Information Security Management Act and the notification requirements outlined in the GLBA.

In the VA case, there are some information security and privacy issues that made the organization and its assets more susceptible to attacks. First, the personal and private data on the laptop hard drive was required by VA Information Security procedures to be encrypted, but it was not encrypted (Stout, 2006). Second, the VA employee, a data analyst, did not have the proper authorities or permissions to remove the laptop, much less one having unencrypted data from the VA server or facility. Finally, the VA Supervisors delayed notifications of the data breach to the Veterans Affairs’ Secretary for almost three weeks after the employee reported the laptop stolen from his home leaving the company even more vulnerable.

Since the 2006 VA data breach, significant progress has been made in implementing improved security and privacy controls. First, the organization has invested heavily in information technology systems, IT specialists, and information security training to mitigate data loss, such as those experienced in 2006 (Mosquera, 2012). Second, an IT and security policy procedure, as well as notification and reporting methods and timelines, have been put in place.

The VA leadership could have played a critical role in minimizing organizational risk and impact by taking immediate and decisive actions. For instance, the VA supervisors failed to report the stolen employee’s laptop on time, which indicates that there were no laid down procedures on how data breaches were to be reported (Vijayan, 2007). The VA IG report indicated the VA lacked a data breach plan and lacked an acceptable (if any) data breach training program for their employees. This is surprising as the VA had a similar data breach just a few years earlier. Luck for VA, there was no evidence that the person responsible for the laptop’s theft had gained unauthorized access to the personal information as reported by the FBI. While the computer was eventually recovered almost a month after it was stolen, the VA paid a $20 million settlement without admitting any guilt, any violations of the privacy act, or any other legal basis for liability (Conn, 2009).

References

Conn, J. (2009). . Modern Healthcare.

Mosquera, M. (2012). . Healthcare IT News.

Stout, D. (2006). . The New York Times.

Vijayan, J. (2007). . Computerworld.

This research paper on Analysis of The Veteran Affairs Data Breach was written and submitted by your fellow student. You are free to use it for research and reference purposes in order to write your own paper; however, you must cite it accordingly.
Removal Request
If you are the copyright owner of this paper and no longer wish to have your work published on IvyPanda.
Request the removal

Need a custom Research Paper sample written from scratch by
professional specifically for you?

801 certified writers online

Cite This paper
Select a referencing style:

Reference

IvyPanda. (2022, June 16). Analysis of The Veteran Affairs Data Breach. https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/

Reference

IvyPanda. (2022, June 16). Analysis of The Veteran Affairs Data Breach. Retrieved from https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/

Work Cited

"Analysis of The Veteran Affairs Data Breach." IvyPanda, 16 June 2022, ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/.

1. IvyPanda. "Analysis of The Veteran Affairs Data Breach." June 16, 2022. https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/.


Bibliography


IvyPanda. "Analysis of The Veteran Affairs Data Breach." June 16, 2022. https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/.

References

IvyPanda. 2022. "Analysis of The Veteran Affairs Data Breach." June 16, 2022. https://ivypanda.com/essays/analysis-of-the-veteran-affairs-data-breach/.

References

IvyPanda. (2022) 'Analysis of The Veteran Affairs Data Breach'. 16 June.

Powered by CiteTotal, online essay citation maker
More related papers