House Oversight and Reform Committee Republicans sent a letter to the VA on Oct. 20 regarding a recent data breach that exposed over 46,000 veterans’ personal information. Republicans on the committee were particularly concerned about hackers gaining entry into U.S. government systems to target veterans and entities assisting veterans.
The VA initially announced the attack on the morning of Sept. 14 after the VA’s Financial Services Center “determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the medical treatment of Veterans.”
Once the breach was discovered, the FSC’s application was shut down and the VA says it immediately notified everyone whose information was stolen. Additionally, the VA is offering free access to credit-monitoring services for anyone affected.
The VA notes that veterans who were not contacted by the FSC did not have their information stolen.
The VA looks to improve its cybersecurity
House Republicans were not the first to question the VA’s handling of the data breach, Senate Democrats sent a letter to the VA on Sept. 16 inquiring how the breach was allowed to occur and what steps the VA was taking to prevent another attack. Among those questions, “what actions is VA taking to assure community providers working with VA that doing business with the VA is safe and that their financial data will be secure?”
According to the VA’s new Chief Information Security Officer Paul Cunningham, the VA is currently exploring new ways to authenticate users in order to further protect its data. It remains unclear how long it will take for new security measures to be implemented.
Earlier this year, the VA also announced a proactive initiative aimed at improving the security of medical devices that are increasingly relying on internet connections to use and share relevant data.