an unauthorized Microsoft Access database was operating at the VA Long Beach Healthcare System (LBHCS). The allegations stated that the unauthorized database hosted Sensitive Personal Information (SPI) and all of the Veterans Health Administration’s 24 Spinal Cord Injury (SCI) Centers had access to the database through a SharePoint intranet portal. The anonymous complainants also stated that unsecured veteran SPI was stored on a server outside of VA’s protected network environment. The OIG substantiated the
Source: Report Summary