The Department of Veterans Affairs has reserved more than $20 million to respond to a recent data breach that could affect nearly one million VA physicians and patients, according to Bob Howard, the department's CIO, Government Executive reports.
The breach occurred in January when a hard drive was lost from a VA medical facility in Birmingham, Ala., and was not recovered. The hard drive included sensitive information on any U.S. physician who billed Medicaid or Medicare through 2004 and on more than 500,000 VA patients. "We have no evidence that [information is at risk]...but we don't take the chance," Howard said.
In May, a group of about 650,000 physicians and 254,000 veterans was notified by mail of the breach and provided with credit monitoring services through a General Services Administration blanket purchase. The credit monitoring funds will be pulled from the VA's fiscal year 2007 cybersecurity budget, Government Executive reports.
Howard said the VA's health information system, called VistA, has weaknesses because it was built when the VA did not worry as much about security. He added that department officials are looking to expedite the modernization process of VistA, which is scheduled to last until at least 2015. The modernization update aims to protect the electronic health records and make them available on the system worldwide via the Internet.
The VA's joint project with the Department of Defense on an EHR system has improved the prospects of obtaining more resources from Congress for a VistA upgrade, Howard added. Investigators still are attempting to locate the hard drive and the FBI has offered a $25,000 reward for information leading to its location (Pulliam, Government Executive, 6/14).