Veterans suspends some medical research
By BEN EVANS, Associated Press Writer
Fri Feb 16, 6:46 PM ET
http://news.yahoo.com/s/ap/20070216/ap_on_go_ot/vets_data_security
WASHINGTON - Veterans Affairs Secretary Jim Nicholson has suspended activities
at seven specialized research centers across the country after an unprotected
computer hard drive disappeared from one of the facilities in Alabama last
month.
In an internal memo obtained by The Associated Press, Nicholson called the
department's latest data breach "tragic" and ordered the VA's Research
Enhancement Award Programs to shut down until they are certified as meeting
security standards.
The research centers focus on studies involving large amounts of data. The
center in Birmingham, called the Deep South Center on Effectiveness, collects
data for improving quality of care.
Writing to VA's top management on Thursday, Nicholson also said the department
would begin unannounced inspections at VA sites nationwide.
"It is now clear to me that there are still too many VA employees, both in
senior positions and elsewhere, who either still do not comprehend the
seriousness of this issue, or who consciously disregard its seriousness," he
wrote.
Nicholson has come under sharp criticism on Capitol Hill in the past year over a
series of computer security failures that put sensitive personal information for
millions of veterans at risk.
In the latest incident, a backup hard drive containing data such as Social
Security numbers for up to 1.8 million veterans and physicians was reported
missing Jan. 22 from a research site in Birmingham, Ala.
As a federal investigation proceeds, officials have remained tightlipped about
the case. But in the letter, Nicholson wrote that the employee was a research
assistant and the hard drive may have been stolen. The VA acknowledged earlier
this week that the hard drive was not encrypted, a violation of the department's
policy.
"This represents a failure of leadership in overseeing data security at
Birmingham — a failure that may be widespread throughout our Department,"
Nicholson wrote.
VA officials have said the data on the missing hard drive, including for some
1.3 million non-VA physicians across the country, was being used for a study.
Similar sites are in Portland, Ore.; Denver, Colo.; East Orange, N.J.; San
Francisco, Calif.; White River Junction, Vt.; and San Antonio, Texas.
VA spokesman Matt Burns confirmed the letter Friday. He said the security
reviews would be expedited but that it is unclear how long the research would be
interrupted.
"The benefits of any research must be weighed against the importance of
protecting the information that's being used," he said.
The Birmingham disclosure comes after a string of similar incidents recently,
including the theft last spring of data on 26.5 million veterans from a VA
employee's home in Maryland.
In auditing the department's security procedures last year, federal
investigators found weak management and lax rules.
Nicholson said in August the agency would upgrade its computers with encryption
technology, making data unreadable for unauthorized users. The department also
recently hired an outside firm to improve employee practices.
House Veterans Affairs Committee Chairman Bob Filner (news, bio, voting record),
D-Calif., said this week he plans to hold a hearing on the Birmingham incident
later this month.
Rep. Artur Davis (news, bio, voting record), D-Ala., called Nicholson's actions
"good steps" but said the memo underscores the need for legislation
strengthening data requirements at government agencies.