"VA's Inspector General, the FBI and local law enforcement are conducting a thorough investigation of this matter," said the Honorable R. James Nicholson, Secretary of Veterans Affairs.
Initial estimates indicate the desktop contained information on approximately 5,000 patients treated at Philadelphia, approximately 11,000 patients treated at Pittsburgh, and approximately 2,000 deceased patients. VA is also investigating the possibility the computer may have contained information on approximately another 20,000 people who received care through the Pittsburgh medical center.
While the investigation is in an early stage, VA believes the records involved are limited to people who received treatment at the two Pennsylvania medical centers during the past four years. It is believed the desktop computer may have contained patients' names, addresses, Social Security Numbers, dates of birth, insurance carriers and billing information, dates of military service, and claims data that may include some medical information.
In May, a laptop computer and external hard drive were stolen from the Maryland home of an employee of VA. The laptop and hard drive were later recovered. As in May, VA is working with Unisys regarding the offer of credit monitoring and individual notifications to those who may be affected.
"VA is making progress to reform its information technology and cyber security procedures, but this report of a missing computer at a subcontractor's secure building underscores the complexity of the work ahead as we establish VA as a leader in data and information security," Secretary Nicholson added.
