Finance and Accounting
Charles E. Gillman Company
Accounting Specialist Administrative & Professional
Jorgensen Brooks Group
Counselor Mechanical
Komatsu Equipment Co
Resident Field Mechanic Administrative & Professional
Tucson Urban League
CEO/President Trades/Construction
RANCHO RESORT
MAINTANANCE POSITION Sales and Marketing
Everready Glass
Sales Reps

WASHINGTON — An Alabama VA hospital that lost sensitive data on more than 1.5 million people in January repeatedly failed to follow privacy regulations leading up to the incident, according to an internal report.

The employee directly responsible for the data initially lied to investigators and deleted files from his computer in an effort to hide the magnitude of the problem, the Veterans Affairs inspector general wrote.

The vast majority of the data, including Social Security numbers and private health information, was not protected by passwords or computer encryption. It could be used to commit Medicare billing fraud or identity theft, the report said, and the employee should never have had much of it in the first place.

The report, released Friday, recommends "administrative action" against several employees, including the staffer, the managers of the program where he worked and the head of the Birmingham VA Medical Center.

VA spokesman Matt Smith said in a statement that the department agrees with the recommendations and will "work vigorously" to implement them.

"The VA strives to maintain the highest standard in safeguarding our veterans' personal information," the statement said.

The security breach occurred on Jan. 22, when employees discovered an external computer hard drive missing.

The VA has offered free credit monitoring to nearly 900,000 people whose Social Security numbers appear to have been compromised.