A government watchdog says the Veterans Affairs Department has been sending sensitive data—including electronic health records—over unencrypted networks, making them vulnerable to theft or misuse.
The VA's inspector general says it has been common practice for the agency to send the unencrypted data to outpatient clinics and private contractors, contrary to federal rules that require a higher level of security.
The information included veterans' and dependents' Social Security numbers, dates of birth and other private health data. No security breach occurred.
The inspector general is recommending the agency put in place the necessary controls and train its personnel on understanding the importance of encrypting sensitive information.
VA officials say they agree with the report's recommendations and will take corrective action.
Explore further: NASA computer servers vulnerable to attack: audit