http://www.washingtonpost.com/wp-dyn...080701086.html

Data on 38,000 Patients at Pa. Hospitals May Be Compromised


By Christopher Lee
Washington Post Staff Writer
Tuesday, August 8, 2006; Page A19

Another Department of Veterans Affairs computer is missing -- this one containing the personal information of as many as 38,000 patients at VA hospitals in Pennsylvania, the department said yesterday.

The FBI and the VA inspector general are investigating the disappearance last week of a desktop computer from the Reston office of Unisys Corp., a subcontractor that assists in insurance collections for VA medical centers in Philadelphia and Pittsburgh, VA Secretary Jim Nicholson said in a statement. Local police also are working the case.

Unisys notified VA on Thursday, and the department dispatched a team to investigate what happened and what information may have been compromised.
Early indications are that the missing records involve veterans treated in the past four years at the two Pennsylvania medical centers, including 5,000 patients in Philadelphia and 11,000 in Pittsburgh, as well as 2,000 other patients who have died, Nicholson said. VA also is investigating whether the computer contained information on 20,000 other veterans treated in Pittsburgh.

The computer is believed to have contained unencrypted patients' names, addresses, Social Security numbers, birthdates, insurance information, dates of military service and claims data that may include medical information, the department said.

Users need a password to gain access to the computer, which was in a cubicle in an area where identification badges are required, according to VA officials.

The data breach follows the disclosure in May that a laptop and an external hard drive containing sensitive personal information on 26.5 million veterans and active-duty military personnel had been stolen from the home of a VA analyst. Authorities later recovered the computer equipment and said the data had not been accessed. Police charged two men with the theft Saturday and said it appears to have been an ordinary burglary.

Joe Davis, a spokesman for the Veterans of Foreign Wars, a veterans service organization with 2.4 million members, said his group learned of the theft Friday evening. "The VFW is insisting that the administration pay for a free credit-monitoring service for those thousands of veterans who may be at great risk to identity theft and fraud through no fault of their own," Davis said.

Edward Davies, a managing partner a Unisys Federal Systems, said the company would offer free credit monitoring to veterans but it had not determined how long the service would last or who would provide it.

"We've been analyzing the various mechanisms to get that in place and talking to the major providers of those services," Davies said. "We do not have anybody under contract yet. We're getting close."

Jag