The Veterans Administration (VA) maintains large amounts of records that allow it
to manage its finances, oversee its employees, deliver health care to military
veterans, and pay benefits. The VA has not taken sufficient steps to protect
electronic data that it maintains. It has caused invasions of the privacy of
employees and put at risk the privacy of American veterans.
Testimony in September 2000 revealed to the House Veterans Affairs Committee
that a security company hired by the VA's Office of Inspector General had no
trouble breaking in to the VA's computer system and taking total control of it.
An assistant inspector general at VA was reported saying that the hackers "owned
the system" and that the VA didn't even know its systems were attacked. The
hackers-for-hire had access to the confidential data of veterans, including their
personal histories, and medical and financial information, in addition to VA's
internal data and business systems.
As comprehensive as the databases at the VA are, they are ripe targets for
people who may collect personal information from them and use it to harm American
veterans and their families. Poor computer security at the VA allowed employees
to write themselves more than $1.2 million in fraudulent benefit checks, and dozens
more fraud cases have been reported under investigation.
In November 2000, the VA was sued under the Privacy Act by a group of employees.
They alleged that an internal patient record system at VA allowed employees'
personal information to appear along with medical information about patients.
VA employees allegedly used the system routinely to look up personal and private
information about their colleagues.
Veterans Department Sued by Employees Over Breach of Privacy by D.
Ian Hopper, Associated Press (November 3, 2000) [excerpt]
Hearing II on Information Technology House Committee on
Veterans’ Affairs, Subcommittee on Oversight and Investigations (September 21, 2000)
Technology: Progress Continues Although Vulnerabilities Remain, Testimony of
Joel C. Willemssen, director of civil agencies information systems, before the
Subcommittee on Oversight and Investigations, House Committee on Veterans' Affairs
(September 21, 2000)