Review of Alleged Transmission of Sensitive VA Data Over Internet Connections


You are subscribed to Oversight Reports for Veterans Affairs Office of Inspector General (OIG). This information has recently been updated, and is now available.

03/05/2013 07:00 PM EST

The OIG evaluated the merits of an allegation that VA was transmitting sensitive data, including PII and internal network routing information, over unencrypted telecommunications carrier networks. We substantiated the allegation. OIT personnel disclosed that VA typically transferred unencrypted sensitive data, such as electronic health records and internal Internet protocol addresses, among certain VA medical centers and outpatient clinics using an unencrypted telecommunications carrier network. OIT management acknowledged this practice and, via a waiver, accepted the security risk of potentially losing or misusing the sensitive information exchanged. However, the use of a system security waiver was not appropriate. Without controls to encrypt the sensitive VA data transmitted, veterans’ information may be vulnerable to interception and misuse by malicious users as it traverses unencrypted telecommunications carrier networks. Further, malicious users could obtain VA router information to identify and disrupt mission-critical systems.