Two years after a major security breach compromised the personal information of over 4,000 veterans, the Department of Veterans Affairs (VA) continues to suffer from systemic “security weaknesses,” according to a new report from the Government Accountability Office (GAO).
“While the Department of Veterans Affairs (VA) has taken actions to mitigate previously identified vulnerabilities, it has not fully addressed these weaknesses. … Until VA fully addresses previously identified security weaknesses, its information is at heightened risk of unauthorized access, modification, and disclosure and its systems at risk of disruption,” the report found.
The VA has experienced multiple high-profile breaches in recent years, and the report cautions that unless it corrects “underlying” security vulnerabilities in its systems, breaches are likely to continue and could result in unauthorized access and disclosure of personal information.
Many of the weaknesses identified in the report are not new, but the inspectors say the agency has failed to sufficiently address some of the “previously identified vulnerabilities.”
The VA Inspector General released a report in February 2013 that identified deficiencies in “management controls intended to ensure that VA’s critical systems have appropriate security baselines and up-to-date vulnerability patches,” and made recommendations to resolve the problems.
The VA said they completed the recommendations and would continue to improve those security controls but the recent inspection found that the VA failed to deliver on that promise.