Wednesday, October 31, 2012
VA Computers Still Unencrypted After Six Years
Six years ago, the U.S. Department of Veterans Affairs spent almost $6 million on encryption software for its PCs and laptops following a breach. In 2006, an unencrypted external hard drive containing personal information on 26 million veterans was stolen from the home of an employee. The situation resulted in a $20 million remediation when the VA was forced to notify veterans and provide credit monitoring. The VA secretary ordered that all of the VA's computers be protected by encryption software.
Unfortunately, now an investigation by the VA's inspector general found that the encryption software has been installed on only 16% of the VA's computers. This came from an anonymous tip received 12 months months ago on the VA's complaint hotline, claiming that the encryption software was not being widely deployed. According to the IG's report the VA's Office of IT was at fault for inadequate planning and management of the project. Today, 335,000 licenses remain inactive, leaving those computers unprotected. "Veterans' data remained at risk due to unencrypted computers," the report states.