A regional Veterans Affairs Department in Milwaukee mishandled patients personal data, leaving medical records, internal communications and other information available for unauthorized personnel to access, according to Nextgov.
The VA Inspector General found that the regional office was strong patient data on two shared drives through the Veterans Benefits Administration's network. A whistleblower alerted the inspector general of this in September 2018. Because the data was being stored on open networks, around 25,000 remote users could access patients' sensitive information.
"The inadequate protection of sensitive personal information places veterans' data at risk and could undermine the credibility of VBA and [veteran service organizations] in positions of trust," the inspector general said in a statement, according to Nextgov. "Veterans should have confidence that their sensitive personal information is handled strictly in accordance with federal laws and VA regulations."
Patient data that may have been exposed included medical records, information about medical examinations and disability claims decisions, and veterans' statements in support of their claims. Additionally, patients' names, addresses, dates of birth and phone numbers may have been affected. The information stored in the shared drives dated back to 2016.
It's unclear how many patients had their data exposed. In the report, investigators determined that the VA mishandled the information due to negligence, poor technical controls and insufficient oversight.