The largest health care provider in the United States with 8.8 million patients, the Veterans Administration (VA) is grappling with a series of breach violations of its health records.

The VA is an early pioneer in keeping health records electronically, a goal envisioned and empowered by Obamacare for all health care providers. Now, it turns out that the use of e-PHI (protected health information) might be leading to theft of data and both reported and unreported breaches.

The VA admits to 14 major breaches, involving 500 or more individuals each time, since 2009. The Tribune-Review of Pittsburgh, following its own investigation, claims that from 2010 until May 31, 2013, the VA experienced 14,000 privacy violations of various sizes at 167 VA facilities, involving 101,000 veterans and 500 employees.

(To gain some perspective, the VA maintains 1,700 facilities and employs 225,000 people.)

In some of the worst cases, however, The Tribune-Review reports that anatomical photos of some patients were posted on social media sites and stolen IDs were used for fraudulent credit cards. The newspaper claims that many violations occurred because of easy access to electronic files, but the VA claims that most violations involve paper records.