Second stolen computer with VA data recovered
Connecting state and local government leaders
The recovered desktop PC stolen from Unisys Corp. had personal data for 16,000 patients treated at medical centers in Philadelphia, Pittsburgh.
Law enforcement has recovered the desktop computer stolen from Unisys Corp. that contained personal information of about 16,000 patients treated in Veterans Affairs Department medical centers in Philadelphia and Pittsburgh, according to a joint announcement from the FBI and VA's Office of Inspector General.
Khalil Abdullah-Raheem of Washington, who worked for a company that provides temporary labor to Unisys, was arrested and charged yesterday in federal court with theft of government property. A judge released him on his own recognizance after he posted a $50,000 bond.
VA secretary Jim Nicholson praised the investigative work of the FBI and VA's Office of Inspector General.
'It appears that the Unisys computer was not targeted for the veteran information it may have contained,' Nicholson said in a statement.
The VA data contained insurance claim information with names, addresses and personal identifiers, VA said. The FBI is conducting a forensics analysis to determine whether VA data was compromised.
'The recovery of the computer is a shining moment for both the FBI and Office of the Inspector General for the U.S. Department of Veterans Affairs,' said Sen. Larry Craig (R-Idaho), chairman of the Senate Veterans Affairs Committee. 'This is the second time law enforcement has come through. Let's hope there is no need for a third time.'
The recovered computer was stolen last month from the Unisys office in Reston, Va. The alleged thief was working there temporarily as a building maintenance employee, Craig said. The company had offered a $50,000 reward for information leading to the recovery of a missing desktop computer.
Unisys had observed security controls, but there was no requirement to encrypt the data, Unisys spokeswoman Lisa Meyer has said.
'The building and floor where the computer was located require security protocols for physical access. Log-in and password protocols also were required to access the data, which were stored in a database on the computer,' she said.
Since the previous theft of a laptop computer, which was recovered and which contained information on millions of veterans and active-duty personnel in May, VA has taken steps to tighten computer security.
The agency has contracted with Systems Made Simple Inc. of Syracuse, N.Y., to encrypt the hard drives of all VA laptop computers and mobile devices. The agency has also contracted with ID Analytics of San Diego to provide data analysis of information on veterans, which may have been made public by the thefts of two VA computers.
The Office of Management and Budget responded to data breaches at VA and several other agencies with guidance that strengthens IT security provisions aimed at protecting data outside of department premises and accelerating reporting of data compromises.
Lawmakers also crafted legislation to tighten agencies' data security. The House Veterans Affairs committee has sent to the full House for consideration the Veterans Identity and Credit Security Act. House Government Reform Committee chairman Tom Davis (R-Va.) introduced the Federal Agency Data Breach Notification Act, which calls for the agency CIO to enforce data breach policies and defines sensitive personal information as any information contained in a record.
NEXT STORY: E-Authentication maps out its future