Skip to content
Awareity
Awareity
Primary Navigation Menu
Menu
  • Home
  • About
    • About
    • Awareity Butterfly Effect
    • Contact
    • Support
  • Solutions
    • Information Security Training
      • Information Security Awareness Training
      • Awareness and Accountability Vault (AAV)
    • Prevention and Connecting the Dots Platform
    • First Preventers Framework
    • Prevention and GAP Assessment
    • Threat Assessment Teams
    • Climate Surveys
    • Resellers
    • Industries
      • K12
      • Higher Education
      • Diocese
      • Healthcare
      • Government
      • Corporate
  • Blog
  • Info Request

Veterans Affairs: Why Not Implement Data Breach Lessons Learned?

By: Awareity
On: August 26, 2010

 

Dissemination vs. Implementation

The Veterans Affairs Department recently announced they will be publishing monthly online accounts of data breaches and lost BlackBerrys and laptops in order to improve accountability and increase transparency.

What was shocking to me was that from April through July of this year, the VA has lost 72 BlackBerrys and 34 laptops.  Patient information has been sent to the wrong address or mailed incorrectly 441 times.  There were 9,746 breach incidents involving notifications to patients and 2,501 incidents in which credit reporting was required.

Almost 10,000 breach incidents in 3 months!  What is wrong with this picture?  Instead of just disseminating data breaches after the fact, what if the VA actually explained and implemented lessons learned and took proactive steps towards prevention? 

I think the VA needs to ask a couple of questions:

1)      Why are so many handheld devices and laptops being lost?  Are there ways we can educate our employees on best practices for protecting devices?  Are there consequences?

2)      With so many devices and laptops lost each month, how do we ensure these devices are protected with encryption?  Are employees taking home sensitive information that should not be placed on personal devices? Do employees know what information is sensitive?

3)      What should be done to improve efficiencies in the mail room and prevent mailing errors with patient information?  How do we know there were only 441 errors; were these just the mistakes that were caught?

4)      How can we implement ongoing awareness and educate our employees (and third-parties) on protecting sensitive information?

 

Breach notifications are expensive.  Credit reporting is expensive.  Replacing BlackBerrys and laptops is expensive.  Correcting errors and re-mailing information is expensive.

Prevention is a lot less expensive for the Veterans Affairs and a lot less expensive for us tax payers too… is anyone interested in implementing lessons learned?

2010-08-26
Previous Post: SEC Creates Bounty for Whistleblowers?
Next Post: Whistleblowers, Incident Reporting and Incident Management…Is your Health Care Organization Ready?

READ MORE:

WATCH MORE:


Get Solutions For Your Challenges!
 
 
 
 
 
 
Don't worry, we will only call if you request "Phone" as your contact preference. We hate spam calls too!


Not seeing the form to request information? Drop us a line and we'll send you more information!

Recent Blog Posts

Bad News, Good News, and Better News

March 1, 2023

Lawsuits and Settlements Trending Sky High

February 17, 2023

Oklahoma State Department of Education Launches Awareity’s Prevention Platform & Tools

November 10, 2022

A Screw In Your Tire & Pre-Incident Prevention

August 23, 2022

When You Don’t Know What Others Know…Bad Things Can Happen (and are happening)

June 10, 2022

Support

Need more information on
Support for AAV or TIPS?

Click here

What are you looking for?

Connect the Dots With Us!

| |

Designed using Dispatch Premium. Powered by WordPress.