In 2006 the VA experienced one of the largest data breaches ever when 26 million veterans records were stolen from an external hard drive. After the event VA officials called for the installation of encryption software on all of VA’s hardware. 6 years later how are they doing?
“In the report, which is dated Oct. 11, OIG said VA has installed and activated only 65,000 — or about 16% — of the Guardian Edge encryption licenses it purchased since the 2006 breach.
OIG said the figure is based on the number of computers that had logged onto the Guardian Edge/Symantec server over a three-month period earlier this year and could include duplicate counts for computers.
The unused 335,000 licenses have led to “about $5.1 million in questioned costs,” and their inactive status means that “veterans’ personally identifiable information remains at risk of inadvertent or fraudulent access,” according to the report.”
Not good. Not only is this a security failure its a budgetary failure. You think the scars of such a healthcare large data breach would teach them a lesson. You’d think…
Read the whole story and report “Most VA Computers Unencrypted, Despite Mandate, Report Finds”