Unit 2 Assignment 1 Executive Summary on Veteran’s Affairs and Loss of Private information
On May 3, 2006 an analyst took home a laptop and hard drive with personal data that was unencrypted. Another thing was that he had been doing this for the past three years. This was a mistake on the part of the data analyst because the information requires strict protection according to HIPAA act. According to the study he had permission to take the laptop and hard drive home from his supervisor. The information was stolen from his residence which he reported immediately to the local law enforcement and his immediate supervisor. Unfortunately his supervisor did not escalate it in a timely manner which was another mistake made in this situation. Auditors informed the Veterans affairs of the lack of cyber security, the agency took a lackadaisical approach to fixing the problems. The agency waited until May 22, 2006 to inform the people that were affected by the loss of information. If the security measures were in place the loss would have been a lot less. The cost was estimated between 100 million and 500 million. The information should have as a minimum been encrypted allowing protection, and making it harder for someone to retrieve the data off both the laptop and the hard drive. This would allow them the ability to mitigate the loss of data. The Veterans affair needs to implement a security plan and also conduct annual training. This would ensure compliance with securing sensitive data and the ability to protect it. The cost of both the encryption and the security plan would be less than the cost of this incident happening again. A plan should be put in place for the auditors’ suggestions and be looked at by a council and implemented as soon as possible if warranted.
