Is it little more than basic human instinct to avoid trouble that causes people to do stupid things? An IT staffer at the VA has been accused of covering up the enormity of a data breach by trying to mislead investigators.
From Information Week:
Investigators are saying the IT specialist who lost the external hard drive at the U.S. Department of Veterans Affairs failed to follow procedures that would have protected the data, and then he deleted and encrypted files to hide the extent of the data loss.
However, the VA’s Office of Inspector General isn’t stopping there with its criticism. James J. O’Neill, assistant inspector general for investigations, wrote in a report that managers did not follow security policies, failed to physically secure the building, gave the IT specialist too much access, and were not even physically present to oversee daily operations.
The VA, which has been plagued by lost computers in recent years, had earlier revealed that in late January an employee at the Birmingham, Ala., VA Medical Center reported an external hard drive missing. That drive, said the worker, may have contained veterans’ personal files, some of which may have been stored on the drive in unencrypted form. The initial figures released to the public showed that 48,000 veterans’ records were on the drive, and as many as 20,000 weren’t encrypted.
Processes are in place for good reason. I can attest to that. This story is a perfect example of how things can spiral out of control.
[tags]VA, Major Data Loss, Veterans Affairs, Data Theft[/tags]