In early 2006, the Department of Veterans Affairs (VA) suffered a loss of about 26.5 million Personally
Identifiable Information (PII) records belonging to servicemembers and their significant others. A VA analyst took home a laptop with an external hard drive that contained this private information. This information included names, Social Security Numbers (SSNs), birthdates, and some information regarding medical disability ratings. Total losses to government time and money accounted for approximately $100 million to $500 million. This incident occurred because of several failures in following protocols, and a lack of network and information security measures.
To ensure that the VA does not have another data theft incident like this one, there are home strategies that can be implemented. By implementing policies that control the use of VA owned computing
devices and media that contains sensitive information, there can be a legal standard set for employees to be bound by. In addition to that, the VA should adopt a training program on administration standards and procedures that can be executed on a large scale. As for the technological aspect of this situation, the Department of Veterans Affairs should enhance their cybersecurity operations. This could include enhanced encryption capabilities on data like Rivest-Shamir-Adleman (RSA), which is an asymmetric encryption standard that prevents all vulnerabilities when properly deployed. In addition to RSA, the VA could migrate to cloud computing which eliminates the possibility of a physical media loss.
Update policies to reflect standards for remotely using devices that can access or that contain
sensitive information.
Development of training program that documents understanding and ensures employees can adhere to VA policies and procedures.
Cybersecurity functions update which could include RSA encryption (or other encryption standards) for employee network access.
Migration to cloud computing for storage of sensitive data. Eliminates the need for physical storage.
