By Linda Rosencrance
August 08, 2006
Editor's note: Due to an editing error, an earlier version of this story
incorrectly said the stolen computer was a laptop.
The U.S. Department of Veterans Affairs yesterday announced that a desktop
computer containing the personal information on 38,000 veterans is missing
from the office of Unisys Corp., the subcontractor hired to assist in
insurance collection for the VA's medical centers in Pittsburgh and
"VA's inspector general, the FBI and local law enforcement are conducting
a thorough investigation of this matter," Secretary of Veterans Affairs R.
James Nicholson said in a statement. Unisys told the VA on Aug. 3 that the
computer was missing from its Reston, Va., offices. The VA immediately
sent a team to Unisys to help search for the missing computer and to
determine exactly what information it contained.
The VA said it believes the data involved is limited to veterans who
received treatment at the two Pennsylvania medical centers during the past
four years. According to the agency, the desktop computer may have
contained patients' names, addresses, Social Security numbers and dates of
birth, the names of their insurance companies, billing information, dates
of military service and claims data that may include some medical
The VA estimates that the computer contained information on approximately
5,000 patients treated at a center in Philadelphia, approximately 11,000
patients treated at a Pittsburgh facility and about 2,000 deceased
patients. The VA is also investigating the possibility that the computer
contained information on another 20,000 people who received care through
the Pittsburgh medical center.
VA officials are also working with Unisys about notifying those who may be
affected and offering them credit-monitoring services.
Unisys officials today continued their search for the missing desktop.
The company can't say for certain that it was stolen and is not ruling out
the possibility that it had been misplaced. "We can't find it. It's
missing from where it's regularly housed and the building has been swept
several times," said Lisa Meyers, a company spokeswoman.
Unisys is continuing to review security tapes, records and logs and
conduct interviews. "It is ongoing," said Meyers of the company's search
for the desktop.
The Reston facility from which the computer disappeared has been used by
Unisys since June 2004, said Meyers. There have been no previous reports
of thefts from it.
The work being done for the VA wasn't classified, although Unisys does
work for other government agencies that is classified, and the building
has security guards working around-the-clock, with video monitoring of
exits and entrances -- including elevators -- as well as a need for key
The desktop data was not encrypted, and there was no requirement for that
under the government's contract, said Meyers.
In addition to alerting U.S. government authorities about the incident,
Unisys filed a report with the Fairfax County Police Department. A review
of two months' worth of weekly police reports posted online shows on
average about four computer thefts a week either from vehicles, residences
or offices in the county.
A police spokesman said there was no particular trend pointing to an
increase in computer thefts. The investigation is continuing, VA officials
"VA is making progress in efforts to reform its information technology and
cybersecurity procedures, but this report of a missing computer at a
subcontractor's secure building underscores the complexity of the work
ahead as we establish VA as a leader in data and information security,"
Nicholson said in the statement.
The loss of this computer comes just two days after Montgomery County
Police in Maryland announced the arrests of two men accused of stealing a
VA laptop and hard drive that contained identifying information on 26.5
million of veterans and active-duty military personnel in May.
That laptop was recovered in June, and the VA does not believe that any of
the personal information contained on it was compromised.
Computerworld's Patrick Thibodeau contributed to this report.
Visit the InfoSec News store!