Oversight

Latest breach at VA has Congress asking more questions

privacy keyboard

The latest data breach at the Department of Veterans Affairs -- this one exposing thousands of veterans' personally identifiable information in a mid-January software glitch -- has Congress again questioning the agency about its IT security practices.

The Jan. 15 breach occurred when a bungled software update to VA's eBenefits system exposed at least 5,300 veterans' medical and financial information to the public, prompting House Veterans Affairs Committee Chairman Jeff Miller (R-Fla.) to seek answers from VA Secretary Eric Shinseki on Jan. 24.

Miller's letter requests detailed answers to 18 questions regarding the breach by Jan. 31. VA officials have attributed the mishap to a "software defect."

Miller's questions include how VA "identified and addressed the eBenefits 'software defect,'" whether anyone was penalized for failing for safeguard veterans personally identifiable information and how VA expects to prevent similar "software defects" from occurring in the future.

"Unfortunately, these types of breaches continue to occur on a regular basis at the VA despite VA's multiple assurances that its systems are secure," Miller stated. "The agency's information systems, including the eBenefits portal, continue to be afflicted by persistent information security weaknesses. Recognizing the importance of securing veterans' personal information, and minimizing the risk of serious consequences such as identity theft or other fraudulent activity, the Committee expects VA to take all steps necessary to strength security and privacy of the eBenefits portal."

Miller's letter is the tenth formal request for information from the Veterans Affairs Committee or one of its subcommittees since Oct. 22 regarding VA IT security procedures. VA's only response thus far was a preliminary answer to the committee's Oct. 22 letter, but the response from CIO Stephen Warren did not "sufficiently answer" all the questions posed in that inquiry, according to a Capitol Hill source.

Since June 2012, VA has 111 outstanding requests for information from Congress, including the eight made in October and November following revelations of multiple data breaches compromising VA networks since 2010.

Those inquiries were due in early November and are more than two months overdue, despite the VA Office of Information Technology allocating significant resources to responding to them. While VA's status regarding IT security is not clear, what is clear at the moment is that members Congress are growing increasingly frustrated with VA's delays. Miller has already taken to writing weekly letters to Shinseki calling for information -- an unprecedented step for the committee.

"The leisurely pace with which VA is returning requests -- and in some cases not returning them -- is a major impediment to the basic oversight responsibilities of the committee," a Capitol Hill official with knowledge of the inquiries told FCW on Jan. 14.

VA did not respond to FCW's requests for comment.

About the Author

Frank Konkel is a former staff writer for FCW.

Featured

  • People
    Dr. Ronny Jackson briefs the press on President Trump

    Uncertainty at VA after nominee withdraws

    With White House physician Adm. Ronny Jackson's withdrawal, VA watchers are wondering what's next for the agency and its planned $16 billion health IT modernization project.

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.