Report: VA still not doing enough on ID theft

Report: VA still not doing enough on ID theft
By Hope Yen - The Associated Press
Posted : Wednesday Sep 19, 2007 18:33:24 EDT

Veterans’ personal data and health information remain at risk of identity theft because the Veterans Affairs Department has yet to implement several safety measures, government investigators said.

The report by the Government Accountability Office, released Wednesday, comes more than a year after the VA pledged renewed security efforts after the loss of personal information for 26.5 million veterans and active-duty personnel.

It found that VA had not yet fully secured access to its computer network and department facilities nor worked to ensure that only authorized changes and updates to VA computer programs were made.

Moreover, VA has operated without a chief information security officer since June 2006 to oversee changes and still lacks clear and adequate procedures for quickly notifying veterans when their sensitive data is lost, the report said.

“Because these recommendations have not yet been implemented, unnecessary risk exists that the personal information of veterans and others, such as medical providers, will be exposed to data tampering, fraud and inappropriate disclosure,” investigators said.

Responding, VA Deputy Secretary Gordon Mansfield said he generally agreed with the findings but insisted that VA’s data security was “legally adequate.” Many of the recommendations, which were proposed a year ago by the GAO and VA inspector general, were in the process of being implemented, he said.


Rest of article at: http://www.navytimes.com/news/2007/09/ap_identitytheft_070919/


uhc comment: WTF does “legally adequate” mean? Gimmeafuckingbreak.