Congressman Mike Bost | Congressman Mike Bost Official U.S. House Headshot
Congressman Mike Bost | Congressman Mike Bost Official U.S. House Headshot
Rep. Matt Rosendale, Chairman of the House Committee on Veterans’ Affairs Subcommittee on Technology Modernization, initiated a hearing focused on the cybersecurity measures in place to protect veterans' data at the Department of Veterans Affairs (VA). The hearing, titled "VA Cybersecurity: Protecting Veteran Data from Evolving Threats," addressed ongoing concerns about data breaches within the healthcare sector.
Rosendale highlighted the increasing frequency and sophistication of cyberattacks targeting healthcare organizations, including VA. He noted that over 519 million health records have been compromised in data breaches over the past 15 years. He emphasized the responsibility to safeguard sensitive information held by VA and its contractors for millions of veterans and their families.
"Congress has consistently provided the cybersecurity resources that VA requests," Rosendale stated, pointing out that while the overall budget for VA's Office of Information and Technology remains stable this year, cybersecurity funding has increased by $110 million to a total of $707 million.
The hearing examined whether these resources are being utilized effectively. According to VA’s Office of Inspector General (OIG), progress in improving cybersecurity has been slow. The Federal Information Security Modernization Act (FISMA) audit revealed recurring issues that have not been resolved despite longstanding awareness.
MITER Corporation's assessment, commissioned by Congress through the Strengthening VA Cybersecurity Act of 2022, identified numerous problems with VA's cybersecurity framework. Rosendale acknowledged obtaining access to MITER's report after discussions with Secretary McDonough. While he refrained from discussing specific vulnerabilities publicly, he stressed that security should not be used as an excuse to avoid accountability.
MITER's findings indicated gaps in governance, processes, communication, staffing, and improper configuration of advanced cybersecurity tools. The uncoordinated expansion of cloud computing was also cited as a factor contributing to security gaps.
Rosendale urged Mr. DelBene and his team to address MITER’s findings promptly and underscored the importance of transitioning towards a Zero Trust cybersecurity posture at VA. "Zero Trust means no user or system is trusted by default," he explained, emphasizing that tangible benefits must be realized to protect veterans’ data effectively.
The hearing aimed to ensure accountability and results in safeguarding veterans' information against cyber threats.
Alerts Sign-up