VA employee had permission to take work home

[victorcharlie]

Just what I thought......

http://www.wsmv.com/global/story.asp?s=5093073

[DWTim]

Yep, you were right! I don't know if we have any Limbaugh listeners here, but fill-in Paul W. Smith interviewed a guy from the VA on the air on Monday.

http://mfile.akamai.com/5020/wma/rushlimb.download.akamai.com/5020/clips/06/07/070306_2_james_nicholson.asx
(requires Windows Media Player, or MPlayer with WMA codecs)


"...We're going to make this place the gold standard for... security."

Hey, start with some basic security first, like a database server with some user permissions!

[victorcharlie]

Seems another desktop came up missing from the VA.......This one had 36000 records of those who received VA medical care......There are now people calling for the secretary to resign.........I'm amazed that security is so lax......

[DWTim]

Well...

(sigh)

...they aren't on their way to becoming the 'gold standard', but at least they provide an example of how not to do it.

[Haywire Haywood]

My question is why laptops at all.  It should be on a central network accessable only by a workstation on someone's desk.  I was just reading a newpaper report on how rampant workplace laptop thefts are.

Ian

[Questor]

The VA is liable for this. There is no reason or excuse for this to occur with today's technology. Even in the remote chance that there's a valid reason for having patient data on a laptop, the data should be encrypted. Laptop encryption software is automatic, widely available, and is transparent to the user, except that a special login screen needs to be entered before Windows starts. Pointsec is an example of such software.  The trend in security policy is that all customer or employee data, and any other sensitive data where privacy is an issue, must be stored on a network. The potential for privacy lawsuits is tremendous now and no company wants the kind of liability that such suits entail.

[victorcharlie]

The latest loss was a desktop......seems maybe Unisys had it for repair?

[Questor]

Still liable. That information should be on a network.

[victorcharlie]

He's a good read on the latest data theft situation:

http://news.yahoo.com/s/ap/20060810/ap_on_go_ot/vets_data_thefts

They mention credit protection monitoring for the 38,000 veterans stolen from Unisys....

Nothing for the rest of us........

and this from the VA:

http://www1.va.gov/opa/pressrel/pressrelease.cfm?id=1165

[DWTim]

So much for VA-funded credit monitoring to protect against a problem they created. Guess you could call it a conflict of interest, or at the very least, not a good idea. When this story broke, I mentioned it to my coworker, who is a '91 Gulf War vet. She said she's doing her own credit monitoring. Looks like that was the right idea all along.

[victorcharlie]

And now......ATT.....shows the government isn't the only one who leaks information.

http://www.eweek.com/article2/0,1759,2010001,00.asp?kc=EWYH104039TX1B0000665

[Sourdough]

Back on the first of January 1969, the US military started using our social security numbers instead of issuing a serial number to military members.  That opened up a whole can of worms.