SC

Sources: Computer Thefts Compromise Veterans’ Data

Sources at the Williams Jennings Bryan Dorn Veterans Hospital in Columbia, S.C. tell FITS the federal facility has been hit by “multiple” computer thefts in recent months – including an incident last weekend involving a pair of devices. These thefts have reportedly placed “sensitive” veterans’ personal information at risk. “These…

Sources at the Williams Jennings Bryan Dorn Veterans Hospital in Columbia, S.C. tell FITS the federal facility has been hit by “multiple” computer thefts in recent months – including an incident last weekend involving a pair of devices.

These thefts have reportedly placed “sensitive” veterans’ personal information at risk.

“These computers hold confidential medical records and personal information,” one source tells FITS.

The Dorn hospital – part of the U.S. Department of Veterans Affairs – is one of numerous government facilities unaffected by the so-called “shutdown” of the federal government.

“All (Veterans Affairs) medical centers and clinics will remain fully operational and will continue to provide health care services to our nation’s Veterans during the government shutdown,” the facility’s website notes.

According to our sources, the most recent theft involved a laptop and a desktop. Both machines reportedly contained sensitive information. Details about the prior thefts – which occurred several months ago – are less clear.

Employees at the facility are paranoid about reporting the thefts because “its been kept hush-hush” by hospital administrators.

“They don’t want it getting out,” one source told us.

Oops …

Follow FITS for more on this story as we continue to gather information …

 

Related posts

SC

South Carolina Restructuring: House Approves Health Care Consolidation Bill

Dylan Nolan
SC

University Of South Carolina Is Teaching ‘Squirting’

Will Folks
SC

‘Carolina Crossroads’ Update: SCDOT Targets ‘Malfunction Junction’

Will Folks

17 comments

Hippa October 13, 2013 at 5:41 pm

There are laws in place to ensure the information is published in local media (usually newspapers) if it involves more than say 50 people

Reply
Frank Pytel October 13, 2013 at 7:28 pm

Not published, protected. But must be at least 50. Frack the rest of you.

Reply
idcydm October 13, 2013 at 5:58 pm

Lets see, the VA has personal information compromised, SC has personal information compromised, the IRS has personal information compromised and the IRS is going to be involved in Obamacare, we don’t have a chance.

Reply
Frank Pytel October 13, 2013 at 7:26 pm

Yes,but does anybody truly really give a shite. Welcome to the NWO soundbitelandia

Reply
Frank Pytel October 13, 2013 at 7:25 pm

Thank God you didn’t use the E-word. Im getting so bored by cnsydbecausewelikeyouM-O-U-S-EEEEEEEE spouting bs.

Reply
Time for pencils October 13, 2013 at 8:11 pm

If you forced every SC government agency to have all of their records on intranets only, with no computers on said intranet connect to the internet, it would be much easier to safe guard information and find those who managed to steal it.

If you cut all SC government workers off from the internet with the exception of e-mail, productivity would probably double.

Reply
The Colonel October 14, 2013 at 7:35 am

“…productivity would probably double… and corruption would probably quadruple.

Reply
nitrat October 14, 2013 at 8:09 am

As someone who worked for an agency that did it both ways, I’ve been saying it for years. Internal systems are all they NEED. Get those workers off the internet. They don’t NEED email to communicate with anyone outside the agency. We do have phones, you know.

The same goes for the federal government. Why in the world did they put archived records on their internet systems so the pathetic Bradley Manning could get to them and make himself famous?

Re: the Colonel’s medical record concerns, let me add mine. Anytime you have your professional, hands on the patient/client staff become primarily data entry workers, whether it’s doctors, nurses, or social workers trying to monitor families and prevent them from killing their children, they don’t have the time to do the actual work they were hired to do and quality is far from assured.
Bring back the Dictaphone and the secretarial/administrative SUPPORT staff.

Most lawyers still have them – and, virtually everything a lawyer does could easily be put on a word processor for them to do themselves. That’s how their secretaries and paralegals do it – what does that tell you?

Reply
PaidToStayAway October 14, 2013 at 10:59 am

I argued this as far back as 1990, I was forcibly “retired” in 1992 because the then Acting Commissioner wanted to hear NO dissent. This state agency is STILL suffering from the mistakes made by this amateur in laying off, one way or other, all of the dedicated employees and bringing in his sycophants who had no experience..

Reply
Smirks October 13, 2013 at 9:18 pm

Considering it is the federal government and a health care facility, sensitive information should be encrypted quite well.

Unless someone as dumb as Haley runs their IT department. “Encryption? That isn’t an industry standard! It costs money and takes time! What could possibly go wrong?”

Reply
The Colonel October 14, 2013 at 5:07 am

Oh please Smirks, you sycophantic supporter of all “gubamint” health care solutions – ragging on anyone about the ineptness of their computer systems!?!

Lets look at a few “gubamint” health care system stories in today’s news:

“Obamacare enrollees become urban legend”: http://www.miamiherald.com/2013/10/13/3685595/obamacare-enrollees-become-urban.html

“How Obamacare’s Exchanges Turned Into A ‘Third World Experience'”: http://www.forbes.com/sites/theapothecary/2013/10/09/now-we-know-obamacares-exchanges-are-a-third-world-experience/

“Time Running Out for Obamacare Fixes”:
http://nation.time.com/2013/10/09/time-running-out-for-obamacare-fixes/

It is disgraceful that the VA has allowed veterans data to be compromised but not surprising at all. China hacked into he DODMERB system three years ago and stole who know how much data on students seeking to enter ROTC or the Military Academies, while they were at it, they had a little fun with the system, slowing medical approvals down for months. Computer networks are not safe, no amount of encryption will protect the record when the idiot clerk doesn’t encrypt the file when he or she transmits it. It’s time to start requiring a lot less “on line data” be kept on individuals.

The “stated reason” for having your records on line is to analyze trends and provide a holistic look at you health care. That simply isn’t happening as it should and all we’ve really done is made our records available to anyone who really wants them.

Reply
Smirks October 14, 2013 at 10:14 am

HIPAA has encryption requirements that it expects hospitals to follow, whether it is the VA or a private hospital. If someone’s not doing their job, they should be fucking fired. No amount of network security is going to prevent a computer from being physically stolen; at that point, encryption is essentially the ONLY defense for sensitive data.

The entirety of your post seems to be off-topic, but I’ll address each point anyways.

1) Most of the state exchanges had the same problem the federal exchange had. None of them were equipped to handle the traffic load for opening day. I don’t know why people bring up Facebook and Google as examples of what they should have been like because both of those sites have multiple gigantic datacenters that they have built over the years to handle the sheer amount of traffic they receive on a daily basis, spending untold millions to get to where they are, whereas the exchanges are mostly going to see huge amounts of traffic for about a month and then moderate traffic afterwards. And, of course, none of the policies that people enroll in will kick in until January 1st, and of course, open enrollment doesn’t end until March.

All that being said, I have read the opinions of several tech-savvy people, people who do web design, and the general consensus is that healthcare.gov could have been designed better, possibly to be less resource-intesive too. I do think things could have gone a bit more smoothly without spending gobs of money to do it.

2) Having systems compromised sucks, but the DOD is quite obviously a huge target for foreign nations, whether by little script kiddies who know their government couldn’t give a rat’s ass or by those very governments themselves. (I would argue SCDoR is the same way, although I was extremely dismayed to hear Haley not only admit to not using basic encryption policies, but actually attempt to justify it not being done.)

There is merit to running things like the VA behind an intranet and cutting it off from the world, but inevitably some device will be granted some kind of access to the internet and ultimately compromise the system. Keeping as much of the system behind the wall as possible is definitely a worthwhile goal, but I honestly don’t see a completely sealed network happening. I would also argue that it isn’t 100% safe either, not just because of the theft mentioned above, but because of other potential risks, such as leaked information from an employee, social engineering, some clod plugging in an infected MP3 player or flash drive into his work computer, etc.

3) I’d gladly trade Obamacare and the “health care industrial complex” for better reform that would actually direct the health care industry to serve the people rather than the middle men who seek to profit from those very people. That requires stringent regulation of a private market or a single-payer system. The rest of the industrialized world seems to dispense universal health care regardless of network security risks.

Reply
The Colonel October 14, 2013 at 11:04 am

DODMERB’s system was behind a combination 2048 bit encryption hard card PKI/password combination system.
Every DoD computer now requires a CAC card (2048 bit encryption with PKI) Regardless of the effort we put into “securing the network”, some weenie with a keyboard and a nefarious reason or nothing better to do will find a way to defeat it.
It’s time to get personal information off any internet or intranet unless assigned to a hard wired system.

Reply
? October 14, 2013 at 2:23 pm

“Regardless of the effort we put into “securing the network”, some weenie with a keyboard and a nefarious reason or nothing better to do will find a way to defeat it.”

lol…precisely. I know you might disagree, but some of them might not have a nefarious reason as well, but your point is valid none the less.

The Colonel October 14, 2013 at 2:29 pm

Totally agree that some of these weenies do it just for fun. One of my relatives is the corporate director of security for a international software and services company. They spend incredible amounts of money on security systems, software and devices and replace it every couple of years because they have an economic interest in protecting their data and systems. Gubamint doesn’t have the same interest so weenies and “evil weenies” hack their systems as a training ground.

? October 14, 2013 at 2:25 pm

“unless the intranet is assigned to a hard wired system”

Btw, that would be my assumption…but you are correct..if it was a wireless intranet it would be easier to compromise than hard wired.

Let’s face it, it’s all levels of security, but I’m just not convinced it isn’t altogether too easy when you have portals to the internet as part of the system.

scotty October 14, 2013 at 11:09 am

Computer thefts are small compared to the deaths of vets who were screwed over by the piss poor managers at Dorn, most of them have over 30 years service and still refuse to retire. Wrongful death cases are stacking up.

Reply

Leave a Comment