WASHINGTON — Sensitive medical records of the nation's 18 million military veterans could be at risk, and the Department of Veterans Affairs (V.A.) cybersecurity approach remains "inadequate" and "unfocused."
That assessment came Wednesday from the Chairman of the House Veterans Affairs Subcommittee on Technology Modernization.
Rep. Matt Rosendale (R-Montana) said improvement in cybersecurity at the V.A. has been "painfully slow."
"We need to see results and ensure accountability for everyone involved. We need to know what specific, measurable goals that V.A. is working on today that will make veterans data safer tomorrow," he said.
At the hearing – "Protecting Veteran Data from Evolving Threats" – lawmakers focused on a May Department of Veterans Affairs Office of Inspector General (IG) report.
That audit concluded that the V.A. "continues to face significant challenges meeting the requirements" of the Federal Information Security Modernization Act.
"Without proper safeguards these systems are vulnerable to intrusion by groups seeking to obtain this sensitive information or disrupt V.A. operations," said Michael Bowman, Director, Information Security Audits, U.S. Department of Veterans Affairs, Office of Inspector General.
The V.A.'s Assistant Secretary for Information and Technology and Chief Information Office said his top priority is safeguarding veterans' data, but he said current funding levels do not allow for enough cybersecurity employees.
"To answer your question directly, I do not think our budget is adequate to the task," said Kurt DelBene.
The IG report makes 25 recommendations.
