The Veterans Affairs Department is immediately shutting down one of its cloud applications after information was stored without proper data security controls.
The cloud application was on a Yahoo website that VA doctors used to store patients’ medical information.
According to a VA report, notifications of a possible security breach will be sent to nearly 900 patients.
The application contained information like the full names of patients, the dates and types of surgery, and the last four digits of patients’ Social Security numbers.
VA information security employees noticed the “mishandling of electronic information” in late November, when they realized that doctors and employees in the orthopedics department of a VA hospital were updating a calendar of patient information on a Yahoo.com cloud application.
The hospital had been using the calendar since 2007. Several different doctors accessed the application using the same password, which had not been changed in three years.
The VA’s National Security Operations Center ordered all of the information to be deleted and the calendar to be shut down on Nov. 24.
VA Assistant Secretary for Information and Technology Roger Baker says the incident shows the need for better, more secure IT tools for employees.