OIG: Veterans Benefits Management System Not Fraud Proof

Veterans Benefits Management System

Benjamin KrauseWatchdog says VA failed to protect its Veterans Benefits Management System (VBMS) against fraud using a standard audit log feature.

The VBMS system was supposed to be the silver bullet fixing the backlog of benefits claims back in 2013. Former Under Secretary Allison Hickey repeatedly told Congress this system would fix all problems. That fix cost taxpayers over $1 billion.

RELATED: VBMS Backlog Fix Cost Taxpayers $1 Billion

For that kind of money, is it too much to ask for that VA would ensure the system had a standard audit log to prevent fraud? Don’t veterans deserve protections against fraudulent or careless VA employees?

Last year, VA OIG received an anonymous complaint that alleged the Veterans Benefits Administration failed to integrate audit logs into its VBMS system. OIG confirmed the allegations publicly yesterday.

RELATED: What Do VBMS And Sexting Have In Common?

That system was designed to replace paper claims, but some were skeptical of the agency’s ability to protect veterans against fraudulent intentions of dishonest VA employees. Historically, VA employees have shown a tendency to shred or alter veterans claims files. The move to electronic claims would lend itself to employees merely hitting the “delete” button.

The new report shows VBA failed to protect veterans against such fraudulent intentions. The standard audit log would track who accessed the file when. This audit is required for information security officers to protect against fraud.

During the investigation, VA employees were able to access veterans files without being tracked, and even OIG was unable to tell exactly how the employees were untrackable.

Does this surprise anyone?

VETERAN BENEFITS MANAGEMENT SYSTEM AUDIT

 

The OIG report summary says:

“In April 2015, the Office of Inspector General (OIG) received an anonymous allegation that the Veterans Benefits Administration (VBA) failed to integrate suitable audit logs into the Veterans Benefits Management System (VBMS). We substantiated the allegation that VBA failed to integrate suitable audit logs that clearly reported all security violations occurring in VBMS. We tested the existence and accuracy of audit logs by having 17 employees at 3 VA Regional Offices (VAROs) attempt to access same station veteran employee compensation claims in VBMS. Although audit logs identified security violations for 15 of the 17 employees, the logs did not show that the security violations occurred within VBMS. Instead, the audit logs indicated that the violations occurred in the Share application used by VARO employees or an unknown system. The other two employees did not appear on the audit logs. We could not determine why the two employees did not appear on the audit logs. This occurred because VBA officials did not develop sufficient system requirements to ensure that audit logs exist and are accessible to Information Security Officers (ISO). As a result, ISOs were unable to effectively detect, report, and respond to security violations occurring within VBMS. Until VBA resolves this issue, its VAROs will be more susceptible to fraudulent compensation claims processing. We recommended the Acting Under Secretary for Benefits develop system requirements for integrating audit logs into VBMS. We also recommended the Assistant Secretary for Information and Technology integrate audit logs into VBMS based on the requirements provided by the Acting Under Secretary for Benefits. Finally, we recommended the Acting Under Secretary for Benefits test the audit logs to ensure the logs capture all potential security violations. The Acting Under Secretary for Benefits and the Assistant Secretary for Information and Technology concurred with our recommendations and provided acceptable corrective action plans. We will monitor their implementation. The Acting Under Secretary also provided technical comments, which we took into consideration.”

Source: https://www.va.gov/oig/publications/report-summary.asp?id=3739

Similar Posts

31 Comments

  1. This is exactly what’s going on with my case for almost 15 to 20 years it’s not fair to the veteran are his family who has to suffer. We need help someone who will get this monster of a mess straight.

  2. @namnibor & 91Veteran
    Have y’all googled the article with the voice recording of President Kennedy?
    Although the title is for Trump. The article with voice recording is mainly about how the news medias aren’t fulfilling their Constitutional Duty and Obligations to the citizens of America!
    It should bring shivers down the backs of your necks. I know it did mine.

    Again, the title is;

    “Donald Trump Has the Chance to Complete the Unfinished Work of JFK”

    by “The Dave Hodges Show”
    1 May 2016

  3. This article, and “voice recording” of President Kennedy, goes along with what many of us have complained about for some time now. Especially when it pertains to the News Medias “biased and false reportings!”
    After y’all have read, and especially listened to the recording, this may be one of the reasons why President Kennedy was assassinated.
    Titled;

    “Donald Trump Has the Chance to Complete the Unfinished Work of JFK”

    from;
    “The Dave Hodges Show”
    1 April 2016
    And NO, my Brother’s and Sister’s, this is NOT an “All Fool’s Day” joke! Send it off to your news sources. Send it to your friends and relatives. Send it to those too young to remember a Great President!
    Let everyone know how much our news sources have become liars and cheaters! Let them know they’ve forgotten these words of how they are supposed to report the truth!
    They’ve forgotten their duty and responsibility to the citizens!

    1. @Bruce Wallace
      I read your comment.
      The news source(s) should be ashamed! I read something about that from “Military dot com” a day or two ago! The writer even called it B/S!
      Those “Service Animals” provide much needed therapy for vets with PTSD.
      In my opinion, McDonald is a fucking fool. If he stops this program. He will, or should, be vilified even more by veterans!
      I hope you listen to the voice recording of President Kennedy!

    2. Correction, The date should read
      -‘1 MAY 2016″-

      I’m kinda tired today. Haven’t slept well for a few days.

    1. James, yesterday on Saturday (April 30?) Fox News ran a long story about how supposedly “paranoid” PTSD vets may not really benefit from service-dogs and how having a service-dog even makes their paranoia worse, along with other BS like this kind of veteran and dog combination is dangerous to society, so it was total bullshit. If you have anyone in mind who can bring pressure down on Fox for running a story like that, maybe you and Ben can now that I think about it, thousands of vets who have service-dogs would love to see that happen. It made vets with PTSD look like dangerous paranoid maniacs who use service-dogs as dangerous threats and weapons, plus they even strongly suggested that it makes their ptsd worse. Pure shit of course, along with the shocking statistic they used that said only 50 vets have gotten a service-dog from the VA, and of course this story was ran with the strong message that vets should not be able to have a service-dog or any kind of dog because we are all a bunch of useless and dangerous paranoid psychos. Fucking Fox News editors that let that shit on the news, no doubt because Secretary Bob sent someone there a big check. Fuckers!

      1. There was a local story here not long ago that talked about how Veterans are more apt to acquire a proper service animal through *private non-profits and donations* before the VA ever actually comes through and approves. I remember the cost of acquiring a properly trained service dog was pretty high and I specifically remembered this Ohio Vet that ha been promised help from various VSO’s and he even had been waiting -4- freaking years for the VA to approve a wheelchair ramp on his house…guess what? It was a local non-profit branch of Habitat For Humanity members, on their own free time and $, that built that wheelchair ramp for that Vet and last follow-up he was still lost in the VA screwing-up paperwork, wording, to get his Service Dog approved.
        Now, the VA is trying to claim it makes things worse?
        Huh?!
        Let’s see: The Mayo Clinic, and Cleveland Clinic, just two major medical researchers, respected amongst the World Medical Community, believes strongly that Therapy/Service Animals are extremely beneficial for PTSD and other ailments.

        The VA is just trying to push Big Pharma and VA Haitian Voodoo Medicine.

      2. I did a search using Fox news service dog, and am reading a Fox News article about the VA doing a study on vets with PTSD and service dogs.

        If you read the article, there are many reasons why this is a story, and essentially comes down to two things: 1. Cost to the VA and 2. Shrinks protecting their turf.

        The article does like many articles do that are against veterans and pushed by the VA…it starts off with a veteran that gives every appearance of acting way differently than the typical veteran with PTSD and a service dog. This is the very first I have heard of a veteran using his dog to clear a restaurant before he enters, or using the dog as a block if he perceives a threat.

        Further into the article you get to the truth. The VA paying veterinary bills of service dogs for veterans since 2002. Now, the VA is spending 12 million to study whether those service dogs are worthwhile, and whether the veteran is reliant on the dog rather than working hard to confront their demons.
        Now, 4 years into the study, the VA has only placed 50 dogs with veterans from non profits, then cut off 2 non profits because the dogs bit the veterans kids.
        That tells me the study was flawed from the start using grab-ass non profits for poorly trained dogs.

        The article states the VA required the dogs to be trained to clear rooms and provide blocking of threats, which is complete bullshit for a PTSD service dog. No wonder their silly study is failing…after pissing away 12 million.

        There is even a guy quoted as wondering if the study was designed to fail so the VA would not have to pay for service dogs.

        If you read the whole article, it clearly comes down to money the VA does not want to pay.

        Leave it to the VA to waste money and screw up a program that helps veterans by using unscrupulous contractors.

      3. @91veteran-
        You said, “The article states the VA required the dogs to be trained to clear rooms and provide blocking of threats, which is complete bullshit for a PTSD service dog. No wonder their silly study is failing…after pissing away 12 million.”

        Sounds and reads to me that the VA has the training of their own Disruptive Committee VA Policeman mixed-up with what a Therapy Dog actually does for a Veteran.
        Leave it to the VA to redefine what ‘therapy’ means.
        You also hit nail on head about VA Psych protecting their pharma turf served on a crazy platter.

  4. Today a friend said he had seen on the (national) news last night, the V(H)A had hired someone who was never licenced to practice medicine out in Utah.
    I can’t find it anywhere. Can y’all help? He might have the state wrong. Or he might have it confused with a civilian hospital somewhere.

  5. This article brings out y dark humor but it’s a pretty good analogy: Anyone remember the very first Airplane Movie where the air traffic controller was busy sniffing glue and was unplugging and plugging the runway lights from this huge oversized plugin?

    That’s how I see this audit thing with the VA. Is this kind of thing code or just a switch or virtual switch that’s turned on or absent entirely from a global menu?
    Interesting if it was like in that Airplane Movie, simply a large arcane switch the VA needs to send Igor up to switch-on 🙂

    1. Ineptitude may indeed be the case, but an aidit system is an extensive and integral part of a database system. One cannot just toggle a variable to turn it on or off light a light switch. An audit system is a gargantuan database system on its own repleat with its own security hash checks and security protocols internal to the software. I was a professional programmer for 13 years on high tech stuff. This was not ineptitude; it was sabotage, via AFGE.

  6. The audit logs were not implemented because AFGE union policy is to protect their membership. Audit logs clearly pose a risk to the employment of the brotherhood of AFGE members, and therefor are not acceptable to union membership. Want proof? Do a FOIA to VHA requesting the response of the AFGE membership to VBA when VBA received the OIG recomendations. I promise you will discover a letter of demand that they do not implement logs without labor negotiations. I wil attempt the same because I know where to go, but if you REALLY want to know why logs will never be imlemented, just ask to see the letter of demand from AFGE to stop implementation. You will find it. AFGE has a duty to protect the brotherhood and cannot let a challenge to that like tracking log implementation go forward wihout threatening walkout.

  7. This is not surprising. Read the history of the way veterans have been treated since the revolutionary war’s warrants that weren’t paid and the Wall street of the time profited immensely by buying them for pennies on the dollar and ultimately receiving payment after most of them were picked up by cronies.

    Nothing has changed. It favors hardware not human ware.

  8. @Robin Mitchell
    Hey lady, you gotta google this from “Military dot com”.
    It will give you a (sarcastic) laugh at VA.

    “Lawyer Pans VA’s Explanation for Not Firing Cinvicted Employee”

    by Bryant Jordan, 27 April 2016.

    It’s about that miscreant, Elizabeth Rivera, over in Puerto Rico. Who “…was involved in an armed robbery!” Yet, “…plead guilty to lesser charges!”
    When I read it, I was floored!

    I also sent it to Ben. Maybe he can make heads or tails of why VA keeps her on the job!?

  9. This is how I read today’s blog!

    Let’s say a veteran puts a claim in for a neck injury, OR tbi, OR ptsd, etc.
    Which clearly is defined within his military medical records.
    The vet, of course, puts in a claim for one of those I’ve mentioned.
    The malcontent miscreant va employee changes the claim to something else. Say, a kidney desease. Which had nothing to do with what the veteran claimed was wrong!
    Well, guess what – DENIAL!
    The vet gets a paper saying “YOUR DENIED” because of the false info.
    What does this do?
    1.) It screws the vet.
    2.) VA saves money.
    3.) the vet has to reapply.
    4.) VA employees stay on the job longer.
    And more!

    This is how I read today’s blog! Am I correct?

    1. #crazyelf- Loud and Clear! Exactly how I read it after several reads, comes back same each time.
      Is Rep. Miller on permanent ‘pre-retirement mode’ and have they found someone to take his place on the Congressional Veteran Oversight Committee as Chairman? Or will this remain unfilled for undetermined time until it’s determined that nobody is actually DOING that work?
      Sloppy, very sloppy of the VA and sloppy by design no doubt. 🙁

      1. @namnibor
        Thanks. I didn’t think it could have been read any other way either!

        Miller, as is all the other committee members AND all the othe committees, are “whimpering little puppies!” No bite! Just a dog and poney show.
        If, and I do mean IF, they had any ‘bite’, they would force someone within the DOJ to take legal action against any perpetrator of a federal criminal activity!
        Yet, it always comes down to one aspect. That is; “Give VA, and all the other government entities, MORE taxpayer’s monies to “fix the fix”! Never mind any criminal activity which was found during an investigation.
        ie: Changing information on a federal document, or destroying documents, IS a federal crime!

        Your comment earlier about depth charges with the enema won’t work. VA personnel need to start seeing jail time on a “work farm”! Let them have a taste of working outside digging ditches, or laying rail on a railroad, or picking up trash by the side of the road. A full blown manual labor kind of job wearing “Orange Jump Suits”!
        Embarrassment is a great motivator!!!!

      2. Chain-Gangs in orange jump suits with full shackles works for me. 🙂 Maybe put them all to work cleaning-up the Hanford Plant in Oregon, still in top sites deemed ‘Super-Fund-Clean-Up Sites”, or anything dealing with Depleted Uranium or Agent Orange…to out things into perspective from a Vet’s point of view. 🙂

    2. Yes, if you look at the claim Rep Lee Zeldin called Dr. Shulkin out over at the hearing last week on my husband they did exactly that. He is 100% for TBI. The accepted constellation of symptoms includes equilibrium symptoms, vision issues, sleep disturbances, etc. He has a lot of damage to his right side including the ear/vision system. You fall 1250 feet with a partial chute opening and spend two decades in Special Ops and see what hurts.
      Indy VBA Director in his own handwriting put it as a diagnosis because of infection, not injury. Then they wrote decide after duty to assist expires and ignored the duty to exist on the cover and gave me the original by mistake.
      Even two of the VHA’s top doctors yesterday admitted it was TBI symptoms. One amazingly said it is his right side of his brain damaged without looking at his records by having me list his symptoms. I was floored. It is.
      Zeldin’s office in a phone conference with Dr. Ronald Maurer and Brad Flohr caught Stephens hiding medical evidence in his claim. Then they wrote to Zeldin claiming he didn’t qualify for r2 when the claim is for SMC T. Now those two refuse to email or call Zeldin back. For now.

    3. I look on it as, “shit. We got caught intentionally leaving the audit logs turned off, so now we will have to figure out how to get around them. Possibly make up fake user accounts. Either way, when Suzy comes in Monday after a 3 day bender and can’t complete claims and her numbers look bad, she can click that denied button and nobody will know.”
      The other way I look at this is, “dude, you spent a billion on a system and forgot the audit logs. Genius! Now you can pitch another $50 million to your buddy to turn em on. By the way, is he still offering that consulting job when you retire next year?”

    4. Oh and, “dude, aren’t you worried Congress will investigate this?”
      “Nah. Congressman Flagwaiver’s son is already a consultant with the company I just spent a billion with.”

  10. Again, anyone want to guess that this omission of an ‘Audit Log’ was done entirely intentional because an ‘audit log’ is too much of a close cousin to that VA Kryptonite called Accountability?
    This could *not* have been simply a slight oversight. This has the term ‘nefarious intentions’ written all over it. A ‘back door’ for deleting/inputting whatever they want.
    The -2- month VA Email Blackout is surely also not a slight oversight either.

    Again…a MASSIVE ***AUDIT*** is needed of the VA before even more $hit is deleted and no longer traceable because as it is, in this article the VA OIG made it quite clear that THEY had no idea how there’s no way of tracing who went into what Veteran’s File and WHY no ‘Audit Log’ exists.
    Why has it taken the VA OIG ***THIS LONG*** to determine there’s a serious loophole for VA Fraud after the countless investigations since 2013?

    Again, I still believe the OIG is culpable and in collusion with all this and is nothing but an elaborate ruse to make it appear to Congress (and Veterans) that $$$$ is going to ‘fix’ certain problems, only to not be so much the clear picture of where said $$$$ is actually being spent and Veterans are paying the price for these $hitty contracts only benefiting contractors, NOT the Veterans the VA is supposedly there to serve.

    Rant out.

    1. Let me ask this: Anyone want to wager that the VA will use this “new crisis” to appear like money-begging-zombies with hats held open before Congress demanding MORE $$$$$ to ***FIX*** yet another “oversight”???
      Does the VA plan these ‘speed bumps’ out to ensure the VA always has an alibi to fix the future problems they are always creating?
      Does the VA have the Contract Options to hold whatever contractor liable for leaving out the “audit log” capability or is that yet another $1 Billion+ down the Black Hole, more $$$$ needed?
      This is insane.
      The VA requires a complete enema with depth charges.

    2. There is another interesting log, report, justification due to congress each year by Bob McDonald. I can’t say what it is. An employee let the knowledge out he uses it. Now, that item I fully expect to be it’s own kryptonite when it becomes public.
      A congressional type told me this week that I find more than they do on some things.. Yeah, I can’t leave my husband alone most days and I have literally ALL DAY to research them.
      Daddy said the most dangerous person in the world is the one that can shoot thru their tears and I was that child. A Rockefeller and the late King of Jordan were his mentors. He is a creep but should know.
      Note to Homeland Insecurity: look up parable. Today’s new word for you.

      1. The VA has so many different logs and other reporting systems, it’s a wonder anyone can keep track of them all. Veteran contact reports, HIPPA violation reporting systems, etc. It makes me think there are so many that some might be useful in providing information on a hospital, while others would be worthless because nobody knew they should be reporting something using that system.

        FOIAs can be fun when you find out about certain systems…which is why the VA keeps them quiet.

    3. Picture this. You’re a veteran who filed a claim using this system when it was first brought on line. After 3 years of waiting, you get a denial letter. Now, your claim was complex and well documented, so you get Congress involved. Congressman X’s staffer, after reviewing how well documented your claim is, and others he has asked about it agree. It should be an open and shut claim. The staffer finds out about the audit log and requests it, because he believes your claim was denied erroneously or fraudulently. The staffer gets the audit log, only to see that after 3 years of waiting for a decision, the log shows only a single VA employee accessed your claim, and only for 10 minutes. Long enough to delete a key piece of evidence, change your initial claim date, and click denied. And the audit log shows the rater accessed your claim 2 days after you contacted The congressman’s office.
      The staffer can’t understand this because he also handles social security claims, knows every file has an audit log, and knows how long each rater is logged in on average before making a decision.
      Now the staffer requests the audit log for another veteran, and when he gets it, he finds multiple people logging in and accessing the claim…as if it’s been passed around to different raters like a hot potato over 3 years because it is complex, and nobody wants to spend the time on it for any accurate decision.

      Either or both of the above are your answer.

      If they want to spend more money on fixing this, they need to not only turn on the log showing who accessed it, but they also need to include a feature requiring a comment from the rater on why they accessed the claim, or they cannot log out or cannot access another file. The log and comment need to be time/date stamped, and the comment work timeline needs to match the amount of time of the audit log. Access a claim and the audit log shows the rater was in there for an hour, the comment should reflect what they were doing in there for an hour.

      For a cool billion, both should have been standard features.

Comments are closed.