VA Has Not Corrected Security Problems

Two years after a major security breach compromised the personal information of over 4,000 veterans, the Department of Veterans Affairs (VA) continues to suffer from systemic “security weaknesses,” according to a new report from the Government Accountability Office (GAO).

“While the Department of Veterans Affairs (VA) has taken actions to mitigate previously identified vulnerabilities, it has not fully addressed these weaknesses. … Until VA fully addresses previously identified security weaknesses, its information is at heightened risk of unauthorized access, modification, and disclosure and its systems at risk of disruption,” the report found.

The VA has experienced multiple high-profile breaches in recent years, and the report cautions that unless it corrects “underlying” security vulnerabilities in its systems, breaches are likely to continue and could result in unauthorized access and disclosure of personal information.

Many of the weaknesses identified in the report are not new, but the inspectors say the agency has failed to sufficiently address some of the “previously identified vulnerabilities.”