VA Exposes Sensitive Veteran Data to Thousands of Unauthorized Employees - October 18, 2019
By Jack Corrigan, NextGov
A regional office of the Veterans Affairs Department mishandled its patients’ personal data, leaving medical records, internal communications and other sensitive information accessible to thousands of unauthorized agency personnel, according to an internal watchdog.
According to the VA Inspector General, the agency’s Milwaukee regional office was storing personally identifiable information on its patients in two shared drives on the Veterans Benefits Administration’s enterprise network. The security lapse, first flagged by a whistleblower in September 2018, left the data exposed to more than 25,000 remote users across the country, many of whom had no need to access the information, auditors found.