In a weekend update, VA Secretary Jim Nicholson said that an investigation led by the department's inspector general had concluded information on 535,000 veterans might have been kept on the drive, along with data on 1.3 million physicians not associated with the VA.

According to the office of U.S. Rep. Artur Davis, (D-Ala.), some of the veterans' information included names and matching Social Security numbers. The data on the doctors, said Davis in a letter posted to his Web site after a briefing by VA, included physicians' billing information and codes for Medicare services, which "could potentially be utilized for Medicare billing fraud."

According to the VA, the portable hard drive was reported missing by an employee at the Birmingham, Ala. VA Medical Center on Jan. 22. An investigation was launched the next day. Davis' district includes the city of Birmingham.

The announcement that nearly 2 million identities may have been on the drive was yet another embarrassment to VA, which last May announced that a laptop and hard drive containing 26.5 million personal records of current and former members of the military had been stolen. Although the hardware was later recovered, the incident led to a revamping of agency rules concerning information storage and use.

Nicholson again promised that his agency would lock down data. "VA is unwavering in our resolve to bolster our data security measures," Nicholson said in a statement. "We remain focused on doing everything that can be done to protect the personal information with which we are entrusted."