Audio: VA CIO Roger Baker's September IT report
Veterans Affairs Department Chief Information Officer Roger Baker spoke with reporters Sept. 28 about the department's monthly data breach report (.pdf). Scroll down to listen to a full recording of the call. The report covers data incidents from Aug. 1 through Aug. 28.
In the month of August, VA reported six low-risk data breach incidents and only one medium-risk incident. The medium-risk incident resulted from the use of digital radiology imaging system software that does not provide an alert when viewing sensitive records. This software deficiency was discovered at a Spokane, Wash. VA medical facility, where the staff reported the software was critical to patient care. The picture archiving communication systems manager resolved the incident by providing security training to staff and using an auditing feature in the software to detect its possible misuse.
VA's monthly data breach reports have been increasingly mundane, but Baker said he would like to see an increase in the number of incidents reported, as it could help promote a culture of security awareness.
There has been a significant decrease in the number of high-risk incidents that involve the disclosure of personally identifiable information, he said. "We're not seeing the kinds of breaches that cause an impact to veterans," said Baker during the call.
The regular reports have been useful for training purposes, he added. Real-life scenarios reported by VA's Data Breach Core Team are now incorporated into VA's required annual IT training for all employees.
- see the breach report (.pdf)