Despite a high-profile data breach six years ago at the Department of Veterans Affairs, the agency has installed encryption software on only 16% of its computers, according to a report from the VA Office of Inspector General, InformationWeek reports.
VA's OIG launched an investigation after receiving an anonymous tip on the VA complaint hotline a year ago, alleging that encryption software was installed on only 40,000 computers.
Background
In 2006, an unencrypted external hard drive with personal data on 26 million veterans was stolen from a VA employee's home.
In response to the security breach, James Nicholson, then VA secretary, called for encryption software to be installed on all the agency's laptops and PCs (Wait, InformationWeek, 10/19).
VA purchased 300,000 encryption licenses in 2006 and purchased another 100,000 licenses in 2011, at a total cost of $5.9 million, according to the OIG report (Whiting, FierceGovernmentIT, 10/16).
The report comes after Roger Baker -- VA CIO and assistant secretary for VA's Office of Information and Technology -- in August said VA verified that 99% of agency laptops now are encrypted (iHealthBeat, 8/7).
Main Findings
In the report, which is dated Oct. 11, OIG said VA has installed and activated only 65,000 -- or about 16% -- of the Guardian Edge encryption licenses it purchased since the 2006 breach.
OIG said the figure is based on the number of computers that had logged on to the Guardian Edge/Symantec server over a three-month period earlier this year and could count some computers more than once.
The unused 335,000 licenses have led to "about $5.1 million in questioned costs," and their inactive status means that "veterans' personally identifiable information remains at risk of inadvertent or fraudulent access," according to the report.
Encryption Barriers
Officials from VA's OIT told OIG auditors that the main reason for the lack of encryption was incompatibility issues between different VA computers and the encryption software.
According to OIG, "OIT discontinued installation of the encryption software until OIT could upgrade and standardize VA's computer equipment."
Recommendations
OIG recommended that VA's CIO assess the encryption software project to determine whether the software is still compatible with VA systems and meets its needs.
OIT then should create a plan to install and activate the remaining licenses, according to OIG (FierceGovernmentIT, 10/16).