The majority of data breaches at the Veterans Affairs Department are due to careless errors, or what VA Chief Information Officer Roger Baker often calls "stupid human tricks." As a result, the annual training required of VA employees is continually tailored to address the data incidents at the department, Baker said during a press briefing March 30.

"As with any huge operational organization, you continue to refine your processes and in some ways--this was my experience at Visa--you cannot forecast everything. What you can do is learn from the things that you see and try to keep the things that you've seen from occurring again," said Baker.

The department is asking facility directors and privacy officers to examine the recurring problems that cause breaches, including policies that may need additional focus.

The latest VA data breach report (.pdf )--covering incidents from Jan. 31 to Feb. 27--marked an increase in data breach incidents at VA, compared to the previous two months.

"You know, it's a relative thing. If I had this report a year ago, I would have told you it was a boring report," said Baker.

There were 32 more incidents reported by VA for February than in January, but both months had no incidents at the "high" risk level for compromised data. While VA has managed to gradually curb the number of IT incidents and the risk level, issues with lost and stolen information, particularly paper-based information, continue.

"We're trying to make certain that, if you will, the physical media things don't occur anymore either," said Baker.

Among the incidents reported in VA's latest report was a lost box of 50 to 75 Veteran Identification Cards and a packet of information containing 1,629 patient names, SSNs and appointment dates left in a VA vehicle for almost four months.

For more:
- see the VA incident report (.pdf)
- listen to the press call

Related Articles:
Audio: VA CIO Roger Baker's January IT report
Cloud technology, smaller electronic devices present security challenges at VA 
Audio: VA CIO Roger Baker's December IT report 
VA establishes six IT 'design principles' 
Q&A: Roger Baker on the future of VistA and VLER