IG: Massive Violation Of VA Privacy Rules Affected Undisclosed Number Of Veterans

48
7780

An IG report confirmed allegations into privacy rule violations that led to over 25,000 “remote access users” having improper access to an undisclosed number of veterans’ sensitive personal information in 2016 that went unreported by IG until 2019.

The IG report concluded VA engaged in a massive privacy rule violation. But, IG conveniently relied on the agency’s own internal data breach investigation that allows the agency to evade any notice requirements of the breach. Veterans affected will not be informed. And, the agency concluded it does not need to notify the Department of Health and Human Services of any potential HIPAA violations.

Just before the IG released its report, the Veterans Benefits Administration issued a new Privacy Act policy dated September 27, 2019. Whatever is going on with this report, and the underlying security violation, I can assure all readers there is more to the story.

<< Probably a massive HIPAA violation that VA failed to report to DHHS >>

Who Done It

So, let me give you some context.

An employee of a veterans service organization (VSO) at the Milwaukee VA Regional Office submitted an allegation that veterans’ sensitive personal information was stored on shared drives that could have allowed unlawful or improper access by 25,000 VA employees and veteran service organization employees.

The unsecured sensitive personal information (SPI), including protected health information (PHI) and personally identifiable information (PII) was left on two shared drives at Milwaukee VA Regional Office (VARO). Local and national users who should not have had access could have accessed records improperly and without the consent of the veterans impacted.

The report stops short of disclosing how many veterans were impacted by the potential data breach, and it also does not address how many unauthorized individuals accessed the protected information.

IG substantiated the allegations but did not challenge VA’s internal conclusion that no data breach occurred. Apparently, the allegation on its face failed to allege further allegations warranting a deeper investigation, and IG seemingly stopped short of going full monty.

Is this a case of the fox guarding the henhouse again?

The poor handling of veteran data occurred because according to IG:

  1. User negligence in storing sensitive personal information on shared drives;
  2. Due to a lack of technical safeguards to prevent inappropriate storage;
  3. Inadequate oversight to ensure compliance with agency rules.

Employees of veteran services organizations and 25,000 VA personal could have accessed the information unlawfully due to the mishandling. VA is only allowed to provide access to veterans’ PHI and PII when the individual is given appropriate access.

A few things jumped out to me about this investigation, but one, in particular, warranted noting. Now, the problem here related to improper sharing of veterans’ sensitive personal information on computer servers and network CITRIX virtual network solutions.

But, and get this, in the investigation, “The OIG team did no use computer-processed data.”

So, how did IG evaluate whether a data breach occurred using standard forensic computing tools? Instead, it sounds like IG solely relied on testimonial evidence without analyzing the underlying evidence.

The agency avoided any requirement to file a HIPAA violation notice with the Department of Health and Human Services by using its internal investigation team to evaluate.

Putting It Into Perspective

I tried out the VA methodology on my 17-year-old daughter.

Me to Daughter, “I have heard from a third party you did not do your homework. I ask that you investigate whether you did your homework, and I will not check with the third party to see if you, in fact, turned in your homework. Can you tell me what you find out?”

My daughter was very confused about the question, and she did not know how to respond because of how stupid the question was.

That is how the IG report reads when you consider the data breach question was not evaluated by IG but simply assumed by the agency’s own internal investigation.

We are so stupid for continuing to allow VA, the most corrupt agency in the Cabinet, to investigate itself and then relay the findings of its own investigation, without question, to its own crack IG.

We deserve what we get if we do not reign in this idiocy that allows corruption to fester. We have no one but Congress to thank for the continued corruption.

Inadequate Protection Of Sensitive Personal Information

IG concluded the problem was the result of inadequate protection of PHI and PII. However, they seemingly accepted whole cloth VA’s internal investigation as to whether a data breach even occurred.

How about that? Why does IG accept the agency’s conclusions without addressing the internal findings of the agency? Is this a convenient way for the agency to whitewash wrongdoing?

The IG report concludes provides the following conclusion:

Failing to secure sensitive personal information could result in avoidable VA expenses. If VA’s Data Breach Response Service had determined that the unsecured data resulted in a reportable breach, VA would have been required to notify the subjects and offer them credit protection services. Although VA’s Data Breach Response Service determined that the event did not meet the criteria for a data breach and therefore did not require notifications, the data were put at unnecessary risk. This determination of the lack of a specific breach notwithstanding, VBA and the OIT must provide adequate training, establish appropriate controls, and develop oversight protocols to help prevent improper disclosures and future breach incidents.

So, VA concluded the data breach did not happen, and IG accepted the finding. If VA concluded a breach occurred, VA would have been required to submit notice to the Department of Health and Human Services as well as the veterans affected.

VA Data Breach Protocol

IG appears to have relied on a determination by VA’s Data Breach Response Service to conclude no data breach occurred that would require notifications to veterans impacted. According to the report:

Although VA’s Data Breach Response Service determined that the storing of sensitive personal information on the shared network drives did not meet the criteria for a data breach and did not require notifications, it is important that VA improves its controls and oversight to mitigate future risk.

In light of current risks with VA automatically sharing our health information with third party Health Information Exchanges without consent, veterans need to pay close attention to how VA treats matters like this.

When addressing possible breaches, the agency supposedly follows its VA Handbook 6500.2, Management of Breaches Involving Sensitive Personal Information. The IG report highlights the following summary:

The term “breach” means the potential acquisition, access, use, or disclosure of VA sensitive personal information in a manner not permitted by law or VA policy which compromises the security or privacy of the information. A breach excludes the unintentional acquisition, access, or use of sensitive personal information by a VA workforce member that does not result in the further use or disclosure in a manner not permitted by law or VA policy, or when there is a low probability the information has been compromised.

What We Know

Based on what we know from the four corners of the report, it seems safe to infer more happened than IG is letting on.

The repeated references to the agency’s own data breach protocol and conclusion that no breach occurred leads me to believe a data breach did occur, but the agency did not speak directly with the whistleblower or others with direct knowledge who would have confirmed a breach did occur.

Let’s not forget VA now wants to share all of our Health Information with third parties without consent. That decision to share out information without consent came out just two weeks prior to the instant IG report with an effective date of September 30, 2019.

The agency is now pushing out numerous privacy policy violations

Call To Action

I am calling on all my readers who are cyber sleuths.

Please take a close look at HIPAA, Privacy Act, agency directives, and handbooks that may be implicated in this particular violation.

Why would VA give access to VSOs illegally and not check in to see what is going on?

Who is against who and what does each party want? In this context, VSOs were given access to veterans’ PII and PHI without consent from the veteran. The breach allowed access remotely.

Who would benefit from remote access to VSOs of veterans PII and PHI who otherwise did not grant those same VSOs access to their records?

Was this a backchannel to allow VSOs to conduct off-the-books data gathering that would not be trackable through normal means?

VSOs are noted within the report as signing Rules of Behavior agreements with VA to get access to the agency’s CITRIX system that applies only to VA employees and government contractors.

Are VSOs actually government contractors? Why would they sign such a contract? Does the contract compromise representation independence, if any existed to being with?

Does the IG report provide enough information for any disabled veteran to submit a complaint to DHHS for HIPAA violations even though VA concluded it is not required to notify the veteran or DHHS?

Read VA Handbook 6500.2 linked above. Are there any scenarios where VA errs in the application of its matrix where the agency is required to disclose under HIPAA laws but the matrix says no disclosure is required.

Should VA apply Matrix 2 (pg 31) or Matrix 5 (pg 37) or Matrix 6 (pg 39)?

Stay informed on VA news, scandals and benefits. Get our daily newsletter via email.

17343

DisabledVeterans.org

Get our free daily newsletter.

48 Comments

  1. The old adage, “One lies and the other swears to it.” comes to mind; EVERY.SINGLE.TIME I read an OIG investigation report. We once asked WHY the VA OIG (and OGC) answer solely to the VA leadership – as that is a nearly guaranteed method to NEVER see a factual investigation. The answer we were given is: “Because that is the way it’s done.” I’m STILL trying to find the “WHY” – (we know WHY!) It is so that VA can do exactly what it has done here…obfuscate, redirect and gloss over the festering, sucking chest wounds that exist in every sector of the VA. I challenge anyone to pull any random OIG investigation and NOT find the words, “oversight” and “training” as the causes and solutions for ANY problem. For example: a program gets $800 MILLION a year in a budget, but only services less than 20K veterans (and that number is shrinking); yet despite concrete evidence of illegal actions (not just “against the law”, but rather CRIMINAL ACTIONS), the OIG solely found that VA needed “more oversight” to “prevent potential over-payments to veterans”. (NONE were found by OIG, just the “potential” for it); and is typical, the OIG did NOT interview a single affected veteran or whistleblower for this “investigation”.

    • Benjamin, you mentioned the back channeling by VSOs to collect data. This is true even if the data is not part of the actual VA veteran record. The VSOs are aligned directly with the VA even with wrongdoing. Yes of course, they submit claims-disability claims-torque claims-public assistance, etc., but, ultimately, they rarely stand against the VA. If you look at the situation, the local VSOs have little power against the VA. In other words, they just say they do what is in their realm. The reality of the situation is the VSOs are not qualified to hold the VA accountable except by submitting claims. Most are not attorneys and most do not have money growing off trees like the VA believes that they have. But, getting back to the backchanneling of data, VSOs accumulate information from veterans via emails and other forms of media. Plus written documents. In my experience, the only VSOs who acted in my best interest were at the time of my retirement. At that time, though, I believe they had too because private sector was involved to a certain point. At that time I would say the law was on my side to a certain point due to people outside of the military having been involved. Current VSOs act similar to Speaker Nancy Pelosi. They placate. No VSO except at the time of my retirement has been willing to assist me with any issue that is of substance and that requires them standing up to the VA.
      Ben, the VSOs store emails from veterans that have been sent from vets to them. Of course emails are for public record; but, initially if vet has an email, VSOs have encouraged it. Let me take it further. The Congressman’s assistants say, “Oh, well this VSO does his or her job well.” I am referring to the emails Ben. The backchanneling of data. Ben, I have paid attention and have noted happenings along the way. I am a very detailed person. This goes along with having good interpersonal skills which I have already mentioned. The interpersonal skills are what companies claim veterans do not have which is far from the truth. This is not the issue. Companies are making excuses. Interpersonal skills are not important to these companies because the companies live, breathe, and eat technology in their sleep. My point is doing everything online reduces human interaction which can regress interpersonal skills. Most veterans are patriots to this country which is what many of the power to be folks hate. Many top elites want to overthrow this country and many of the veterans are in their way. Thus, what is so baffling is the VA has many veteran employees. If they are true patriots, why would they be participating in any of this Ben? Against the veteran patients? Data exposure illegally. The email data collecting by the VSOs in my opinion is not in the veterans best interest at all. Veteran patients. VSOs here locally are most certainly not with me at all. Never have been except at first but then maybe not even back then but they had to follow the law. Best.

      • What are they doing with all of this data? For what and why? To collapse and take over country similar to what China has done and is doing to their people. Get all under one. Then shutdown LIFE and LIFE itself.

      • Ben, going to review the matrixes that you wrote in your article as well as take a look at the VA Directives. When I had mentioned earlier about VSOs not being able to fully stand up for veterans this is if they are actually credible VSOs, Ben, the VA would wipe them out with no recourse. I am referring to financial and legal. If the issue is to be a certain way, the VA does not care who they step on. But, if the VA is in support of the issue, the VA will make the VSOs into Champions no what the doing and the issue.

      • Government vs People.

        Here it is. Against Capitalism.

        Ben, using the data to take down veterans. Now, I am just saying due to what I am witnessing.

        Government wants to dictate and control with leaving citizens without recourse.

        The vets working in the VA has nothing to do with veteran status. It is similiar to a statement that I read by another veteran on your blog. Government up vets’ asses.

        Democratic party has not changed in over 200 years.

        Put it like this Conservatives share similiar boats as how Democrats have treated African Americans in the past.

        Whites linched in past history back in 1700s and 1800s.

        Much a do about nothing. An ogar.

        Sad.

      • The bottom line is who cares. The VA can have it all. I honestly do not care. The American govt is sad. All I have to say. Moving.

    • Benjaimin, this may be related the Federal government vs Donald Trump. The VA lumping most veterans in with President Trump. Who knows? Govt believing they know best. Ben, no they don’t because the are too disconnected.
      They just cannot see it at all. I am serious.

    • Government convincing younger generations that they are going to die everyday. See this Ben. This is the sabotage going on. Everything with the leftists is non truths. Shams and lies. VA is here too.

  2. “One lies and the other swears to it.” Perfect fit, full circle on many issues.

    Why do ‘they’ all just want to focus on 2016 data issues?

    Why the hell do they even dare to include agencies like Department of Health and Human Services when all they do is keep things at the local or state levels with their staff claiming all kinds of other requirements or laws must be applied to any situations. They claim they can do nothing about corruption, released file info to not having the ability to acquire copies of med files from some health care facility playing games, ID politics/continuation of VA retaliation in the health care fields. Try to go outside of the state, go by the ‘chain of command’ or proper procedures they demand be followed is a waste of time and effort including congress people, their staff, senators, ACLU, any board or agency out there. They all just continue on with the gas-lighting and cover-up games, plus all the retaliations that become totally insane. Not once has any returned calls happened or questions asked, none. Or that HIPPA violations, “breeches” having the same under-lying special rules to follow, varying definitions, applications, jumping from one “matrix” to another. Or we have to play some kind of semantics game. To them, from them all, any of those ‘over-seers’ not getting involved in or with federal agencies like the VA, then on to civilian care, the “non-profits,” or different rules concerning “for profit,” or “private” health care systems. They all have their excuses, hidden agendas, distraction play-books, politics and gaming that lasts for years hoping we die or is swept under the carpet like suicides have been.

    What does one do when every agency, all the over-seers, groups, professional groups/associations, VSOs, media, etc., refuse to take complaints seriously or refuse involvement or to properly investigate matters?

    Like with anything else directives, rules, laws, on any level or cause MAY not apply at all in some locations. The IG, HHS, and many other agencies/departments should just be closed down and tax dollars spent elsewhere. But that’s dreaming as the corruption, suicides, censoring, and attacks or being community wide banned continues. Change will never come or the more they all claim positivity and change it will all remain the same…. totally corrupted top to bottom.

    Odd isn’t it local politicians, “leaders” not representatives, those at the VA top levels, IG types, those “good people,” media, refuse to come out into the open to discuss issues or chance being questioned by someone like me, and some others.

    • Benjamin, it is a good question as to how many and which veterans that this situation involved. This action could have been to retialate against certain veterans.
      Listen, when it comes to me, Ben, I have legimate complaints regarding the VA. Even as so much as needing a test done and the VA refused to do it because they are concerned about the VAs money supply. I was had to involve VSO. Ben, I wound up just leaving the VA. But this is one of many situations. So if the VA does not provide services to veterans, why are they existing? Have they become a money laundering domestic terrorist system? It most certainly seems like it. Ben, I have not made any false claims regarding them. My comments on all of my issues regarding them are true factual occurances. It seems they are targeting veterans for what reasons? Because the veterans need a medical procedure done or services to assist to get into employment with. If the VA now has mostly veteran employees, it seems like they have brought their foreign past war zones into the VA with them. This could be targeted at veterans who supported this president. Ben, who knows? But why would whomever so desperately need veterans data to the point of establishing a remote server for people to access who are not in the know to now be in the know illegally? Ben, most veterans who are in the VA would not be necessarily holding employment positions that would involve national interests such as working in Nuclear power plants etc. So I would assume these data breech actions could maybe be all about taking down the veteran population. In the ways of identity theft that might could lead to stealing money from veterans to overthrow them this way. Veterans should act with vigilance at all times. Monitor and track everything. Ben, why is the medical data such a gold mine to whomever other than to take the vets down? Because the data is not accurate in many cases due to many VA employees having changed many records to protect themselves from the judicial system. Hell, even the legal system is corrupt to a certain point. So what is the VA worried about? The rule of law rarely exists any more. This is what Trump and his newly appointed Supreme Court Justices are trying to restore. They are trying to restore our Constitutional Republic.
      Why worry most are corrupt even both Republican and Democrat parties. Such a double standard.

  3. The constant violations perpetrated by the VA and the ones responsible continue to get away, the big wigs just go by their daily business as usual, no harm no foul, because it wasn’t their information that was compromised, the buck stops at the top, or it should but he’ll have some lame excuse, just like everyone involved, when is someone with the nutsack going to correct the issues plaguing the VA

    • Just one problem with that Larry. Privatization will not help or be a cure all. Seems civilian care with whatever designation they can claim, use, or get by with much more or just as much as the VA and other clowns can. Or, haven’t enough people been told by civilian care hospital admin types (and many others) “not to expect security or privacy in this day and age.” Like one admin’s secretary informed me of. “I already have your name, ID, and private phone number.” “From that I can get any kind of information on you I’d want.” And the hospital’s CEO, staff, and other clowns have refused to give me copies of my VA and more recent files they have, or received… till this day. As the community shunning and attacks continue on and they still refuse to forward my files to another MD’s office for health care. And none of this is considered “illegal” by the HHS, ACLU, medical boards, politicians, VSOs, countless creeps contacted etc? Having VA IT staff over the Healthy E-Vet scammer site can delete secure messages too and it’s covered up and protected? Or told we aren’t supposed to dare question VA’s highly trained staff or what they do especially the female activist?

      Locations may vary with care or better possibles. Some locations, states, are corrupt to the core and no change will ever come short of a revolution or the public and vet groups march on DC and state capitals in mass but that won’t happen either. Like the VSOs the silent majority will remain silent and the fearful of the systems and over-lords that be will remain fearful and bow to the corrupt scum who rule over us along with the medical societies out for the mighty buck and total controls over our lives.

      • @”T”,
        There’s possibly one flaw in your thinking. If the VA was privatized, on the healthcare side, we veterans would probably have a better chance of living a fruitful life!
        On top of that, look at all those BILLIONS of taxpayers monies not getting into the hands of ALL those unscrupulous people!
        Then, those monies could be used by veterans to pick and chose whichever healthcare providers we want!

      • Elf, not a flaw if people are paying close attention and reading between the lines about my own adventures in health care locally plus the corruption to retaliation that is non-stop and pervasive in every avenue of life. Plus the considerations that every community and state out there are different animals to deal with. Some are out of this world different to purely psychotic or unbelievable.

        Those wasted billions or trillions ceased would be a big plus. However in “union strong” states and locations, besides the hype and propaganda of living in a perfect unionized closed shop state, would be pure hell to deal with. Anyone notice all the unions during some pictures on TV about the teacher’s union strikes in Chicago and around? SEIU was there, PINK was present, AFGE was present, AFL/CIO present, special interest groups present, Antifa present plus the teachers and others with nefarious self protecting agendas. Main point being portions of all those union dues going to fund those who are totally against us while defending their own incompetence to corruption and cover-ups.

        Also in some locations like mine which I mentioned before is the difficulty in finding doctors to see us, accepting new patients, will take Medicare, that refuse to see chronic pain patients, and no such thing as geriatric MDs to be found within a hundred or so miles. On top of that are out-dated physicians listings given out at local hospitals. Doctors that are only in-office a couple times a month or when in-country. Plus the ones who refuse to see patients like me since leaving the VA went to another civilian hospital and require, demand, my files from the VA sent to the civvy hospital plus the more recent files from them (civilian care types) be forwarded to them before being accepted as a patient by the new ones. And the hospital and clinic refusing to do so. Why? We all know why.

        At first I could get pain meds from one, only one local MD that will prescribe them… if you can jump through their hoops, sign insane contracts with them as bad as the VA and sit and wait for 4 to 6 or more hours per trip, in a small clinic, no water or food allowed, no decent seats to sit in, if we can sit, per laws for needed trips maybe three times a week to get them. Nonsense. The elite and connected don’t have to play those games, nor do the unions/others with their own special clinics just for them. A lot can be said about some things but I digress, it’s all been pointed out previously.

        According to local business journals and med reports our state is in a mighty shortage of MDs. Finding quality care for me and many is near impossible… and why suicide rates are soaring. Media will not report what I hear out on the streets with my signs doing my little one man protests. Suffering is through the roof due to pain conditions to forcing patients to “try” all those other treatments or physical therapy that do NO good at all and have been tried before many times over.

        Shortages, claimed, to be so bad “lawmakers” including nurses want the ability to take positions where properly trained physicians have been or be filled by nurses.. alone. For nurses to see patients “independently” and void from other “professionals” or MD staffers. And many want foreigners to come work here with visas. And seemingly don’t need to have a good command of the English language either. Then on to the fraud and scamming issues that are also ignored in this state. The bull shit here in non-stop and corruption rampant but few care to see it or acknowledge it.

        In the news. Sixty plus Indiana hospitals are under scrutiny and supposedly penalized for completely “unnecessary” patient readmission. Lousy care and early releases and no pain meds are the forefront of it actually. Sending people home without pain meds after major surgeries don’t help there either. No mention of all the damages and death being reported on either. But it’s called just a waste of tax dollars and lack of “follow-up” care. Oh and many other major issues over health care, patient abuse/neglect, uncaring staff, the VA and civy hospitals aren’t mentioned in any reports either.

        In short, some things are easier said than done. Have a target on our asses due to “whining,” VA crap, or questioning or wanting some answers or filing complaints over vast amounts of unceasing corruption don’t help matters either. Wilkie should come here and visit, I could ‘learn’ him some things.

        Have a good evening.

  4. I hate how Ben gives u half a story. Dont forget to send him his $19. Vso cannot access ur records without ur permission and you actually sign a POA so they can ASSIST you with a claim. My VSO was amazing in helping me. They are very strict.
    Does the VA employees make mistakes -yes they do. They are human. Majority are veterans who want to help but they do make mistakes.
    You all want privatized VA? I guarantee the private sector has more HIPAA violations than any VHA facility and they all share ur info.

    • Your comment is bullshit. Ben gave the story. VSOs have access to data after they get permission on a secured system. Copying that data to a shared drive defeats the secured system.
      VSOs are not at fault. The morons who put that data on a shared drive are.
      As for private breaches being more, that is false. Private companies are absolutely hammered by regulators for data breaches. Government data breaches are massive by comparison, and nothing happens.
      The IRS leaked data. The VA has had multiple instances of breaching data, including one laptop with over 2 million records on it. OPM systems were breached exposing massive amounts of background investigation data used for security clearances.
      Health Net who ran part of the Choice program had data breaches.

      The difference is, when a private company loses data,they are required by law to report it, and required to pay for steps to help consumers. When government does it, they only take steps when caught and forced to do so.

      I have had my personal data breached by the IRS (refused to do anything), the VA multiple times (refused to do anything) and OPM, who were forced to provide identity protection. I have never had a private company lose my data.

      • 91Veteran, you are correct.
        I agree with you.
        Regarding the information that I have been telling you, Ben, my boat out here knows the facts and happenings. Not the VA.
        I have mentioned to you the VA has missed the boat in regards to me.
        And, after reading this article, more of what I have voluntarily emailed to you explains more of what has been going on in my situation. Like I have mentioned to you over and over, I have not understood where they are coming from at all. It is risky enough that I have emailed you information. Ben, I have needed a voice. I have not had a voice at all. Damn vultures everywhere with breaking their necks to get veterans information which may or may not be correct to begin with due to such a corrupt agency. Now do you see why I have not applied for Voc Rehab? Information is those records to not apply to me today. Even may not have applied to me then all the way. See how a Senator has introduced a bill trying to hold Facebook accountable in regards to privacy? I had mentioned to you the Senators and House of Representatives are most certainly not innocent but they are claiming the moral high ground in which they are not. The VA is at the bottom of the totem pole with corruption that seeps into a bottomless pit. A cess pool of crap that should be closed down.

  5. The Veterans Administration are committing RICO ACT VIOLATIONS also known as a CRIMINAL ENTERPRISE. I am very happy that President Donald Trump, the FBI, the US Secret Service and the GAO are finally listening to me, reading and applying the information that I have been mailing them for years.

    The amount of money that has been stolen is 124 TRILLION DOLLARS and counting. The taxpayers are responsible for this theft, fraud, money laundering, illegal wire transfers and other crimes that are being done by CVSO’s, VSO’s, SCO’s and VA Employees.

    Now these investigations are leading the FED’s back to “DECEASED” Veterans whose DD214’s and other Vital Records being used in concert with these organizations that are “NOT” supposed to have access to our information through e-Benefits, VA.gov and other portals. Once the information is downloaded there was nobody to stop them from filing claims in the “DECEASED” Veterans names and then “AWARDING” themselves.

    By doing this the Surviving Spouse/true beneficiary never receives their benefits. We are simply mailed “DENIAL” Letters for this money that has been “AWARDED”. Now we are being contacted by the IRS because, these people who have made themselves or “FIDUCIARY” MUST FILE TAXES.

    Can you say “CHECKS and BALANCES” are catching up with them slowly but surely. If you don’t apply for your benefits or have an e-Benefits Account or VA.gov account you will never know that you are one of the Victims. There are MILLIONS of us.

    Respectfully,
    Quancidine Hinson-Gribble

  6. All I wanted to do was change the back were my direct deposit goes to. So I submitted my SS number, a check blank for routing and the form with my pertinent information and gave it to the appropriate person at the VA office. It’s been 5 months and nothing has happened other than I have my personal information floating around the VA were anyone can take advantage of it. I ask a bunch of question and got no real answers to them. Lets face it, the VA is no different than private organizations, either of them are staffed by humans with all their faults and shortcomings.

  7. all this is known yet nothing of significance is being done about it. None of the Veterans organizations have stepped up to the plate and used their numbers and influence to work on the issue.

  8. “Are VSOs actually government contractors? Why would they sign such a contract? Does the contract compromise representation independence, if any existed to being with?”

    I think a grammatical error is stymieing clarification.

    Should “being” in the above sentence be ‘begin’ instead? The latter would make sense.

    Ben, sorry, but it does change the meaning significantly.

    Thanks for making these articles printable. I am going to print this and take it to the ‘Release of Information’ clerk who yelled at me for submitting my VA Form OCT 2019 10-10164. She thinks the system she is managing and protecting with her skills is perfect and protecting ‘we’ Veterans that she trusts implicitly. Another moron in this failed system who believes the bullshit that comes from the mouths of her superiors.

  9. Veterans who this. get rid of electronics devices when email your Senators or Representative about your belief how to improve Veterans Health Care and Senators and Representatives personally lied to you.

  10. A lot to unpack here. Interesting they forced out a data sharing policy with every veteran opted in during the same time as this breach.
    It makes on wonder how many other locations are doing the same.
    Having the IG accept the internal review suggests no details will be made public.
    I understood VSOs had access to your data in order to assist with your claim, if authorized. This suggests VSOs had access to any veteran at that facility regardless of whether they had authorization. Now that does not mean VSOs have access to all data at that facility, which this appears to be the case.
    If I am reading this correctly, Citrix in this case is essentially an interface to a massive database.
    Are VSOs typically required to access this system from specific machines? Typically that is the case. If this data was on a shared network drive, then someone took specific steps to copy the massive amount of data from secure storage to a shared drive.
    A shared drive that anyone would have access to who had permissions for that share.
    That there was remote access suggests there was a Virtual Private Network (VPN) set up allowing someone to access that data from anywhere, using any system.
    Why? Why set up on a shared drive accessible through a VPN?
    FOIAs could be flying right and left on a number of things here, including what that Rules of Behavior consists of. Does it allow access to the database? Does it allow access through VPN? Does it cover both? everything?

    Why was this data copied to a shared drive?

    If it was a shared drive, then it was likely backed up. Where was it backed up? Is that storage also remote? What happened to the backups?

    During this period, were any drives changed for any reason? If so, how were the old drives sanitized? Were any backup drives changed? If so, how were they sanitized?

    The IG might claim there was no data breach, but if backups were made, they have no idea where this data ended up.

    The IG needs to explain exactly how they determined there was not a data breach. Was it based simply on, “well, we have the access logs to that data, and everyone accessing it had authorization, so there was no breach”.
    They cannot claim that unless they can document where every backup set ended up, including drives used for the backups.
    A system administrator with permissions to both copied that data. They need to explain why.

    I doubt anyone will get an answer since the IG stated right up front why. It would cost the VA too much money for some broken down old vet to protect their identity.

    Since it happened since 2016, there WAS a data breach. They cannot say otherwise unless they can document everything about accessing and backing up that data.
    That it was on a shared drive means other VA employees who had access to the share, had access to the data, even though they may not be in a position authorizing access.
    Think of a VA Librarian having access to the shared drive. They have no need to see medical records, but with the data stored on the shared drive, the librarian had access to it.

  11. It was reported a few weeks ago, Secretary of VA Wilkie said, almost 90% of vets want to use the VA’s facilities.
    Then, Secretary Wilkie, answer me as to why ALMOST 50% of the veterans in America aren’t registered with the VA?
    Is it because of all the crap your underlings are perpetrating against us?
    Why don’t you start telling the truth!

    The VA needs to go privatized! Maybe if we got rid of all you high paid slugs, the VA might run better!

      • But initially they did save my life at first but down hill over the years.
        Vets I know who are not in the VA are holding decent employment and running businesses. They did not have to land there like I did without choice.

  12. For years my appeals info has been sent as a cc to the American legion who does not represent me but I cannot for the life of me get them removed from receiving my info or get the appeal process from being held up by their “review” of my file.

  13. For years my appeals info has been sent as a cc to the American legion who does not represent me but I cannot for the life of me get them removed from receiving my info or get the appeal process from being held up by their “review” of my file.

  14. Published Indy Star 10/20/2019

    Veterans are abandoned once they return home

    Every year we are losing enough veterans to fill an aircraft carrier. The number is around 6,000 a year due to the government’s incompetence to fix its broken benefits problems and give veterans a choice over there own care. The government needs to abandon the V.A. system. Veterans are being made to wait years as there quality of life around them goes to hell. Veterans harmed by the V.A. are usually left to die as the government will deny all liability. All I can tell any person thinking about joining the service is that your government will abandon you when you come home.

    James Yakym

    • Sy, interesting and TY for posting this.

      In my location getting news from outside sources is not easy. We peasants or townies have to dig deep for news. We don’t get capital city news easy today. It’s not carried on local cable, satellite service, etc. Finding a newspaper from there of any kind is rare even in the public library that outside news resources dwindled to near nothing at all. We are flooded with university news, ie., WTIU, PBS, WFYI, two channels of local lying propaganda source plus the usual few picks of MSM. That is all. Like stated before censorship has killed us off from the world and spreading information or making it impossible to ‘group-up’ or network.

      Social media is no better, leaving opposing comments about local news and all is forbidden. It all has to be positive and in total agreement with the rulers and ‘their’ “community.” Group-think, be silent, bow, kiss butt and rings, or else. Meaning that concerns VA issues, suicides, attacks on disagreeable citizens, abuse, violations of basic rights, no finding legal aid, no VSO support etc. Harmful, terrorist threats, death threats on enemies of this village is okay too, even by cops. So is property damage by energy company… union members and lying staff. And people think all this is made up or no such thing as “retaliation” exists out here in la la land or our global village. Some out here are living in one huge Matrix with too many drinking the Kool-Aid or thinking all is well since they don’t have to live in a place like others are forced to. And why so many, all, refuse to get involved in more serious issues or dare stand-up to the mafia groups, cliques, associations, self protecting professionals plus the large assortments of countless others. Nepotism, corruption, censoring ensures the corrupt are protected on every level out there including the VA, all forms of health care, to no recording in some hospitals, our court house, police station, or other places where we need to defend and protect ourselves with “evidence” of harm or threats done to us. Sadly all are …. pure facts and easily proven.

      My letters do not make it through the editors hands and haven’t for years, not here or elsewhere. Like real news and some events don’t make the news either. Patients being killed or allowed to suffer by the hands of healers or in hospital or the VA won’t pass media muster and censoring here either. Hush hush. Sheep, tyrants, the cliques love it.

      • T, forget the cable news except for a few news contributors from Fox News or Fox Business. Get a battery operated radio with both FM and AM.
        Tune into Mark Levin among others if you want the truth.

      • T,
        Nice post. I agree we are deluged with total BULLSHIT constantly. Especially on cable and dish.

        Stick with PBS Newshour because they tell the truth and bring in the people to comment and interview who know the truth because they witnessed it. The show is based in wash(ed up)ington d.c.. Right there where it is all going down (the tubes of the bowels of hell).

        That SHITHEAD!!!! mark levin will sell you out along with all the other idiots out there that are gullible enough to believe the SHIT that comes out of his filthy mouth. BTW, I don’t think you are an idiot. Just hungry for the truth.

        “Stupid is as stupid does.” Forrest Gump, fictional character.

        Don’t listen to talk radio because . . . ‘agenda of brainwashing’ is the norm?

        I listen to CDs when in my vehicle so I can enjoy the ride. Led Zeppelin mostly. Yeah, I’m old.

  15. Here’s a fucked up article to ponder! A crack dealer, on federal VA property, pleads guilty. Received time served (about 2 months) and 2 years probation!

    *”https://www.military.com/daily-news/2019/10/21/man-sentenced-selling-crack-cocaine-va-hospital.html”*

    This is another reason to SHUT DOWN THE VHA SIDE OF VA!

  16. An individuals medical record info is more vital to an identity thief than one’s SSN, drivers licence or bank account info.

  17. Crazy elf that was a veteran as many VA employees have been suspended with pay and nothing ever done. The doj US attorney was transporting and using illegal drugs as they refused to prosecute him. There was a article that was done in the defense of this veteran. Alot of times the government creates these problems. There was a veteran couldn’t hold down employment because he was disabled and the government wouldn’t give him disability because they are deliberately denying everyone. So what is one to do in dire straight? He end up selling drugs and ended up in prison. The court of public opinion usually convicts everyone without ever offering any solutions.

  18. Facebook VA lies falsehoods has 30,000 members including veteran lawyers and friends with Ben. Alot of current veteran news posted there.

  19. Letter: Our government does nothing while lives are destroyed
    Evansville Courier & Press Published 11:38 p.m. CT March 13, 2019 | Updated 11:39 p.m. CT March 13, 2019
    CLOSE
    CONNECTTWEETLINKEDINCOMMENTEMAILMORE
    Letter to the editor

    Letter to the editor (Photo: File)

    There is absolutely no accountability in the Federal Government.

    A Veterans Affairs-contracted doctor destroyed my life with opioids and at a minimum should lost his license. The VA did nothing.

    A nurse put in over one page of whatever she wanted to in medical records and was given a full-time position even after they took disciplinary action. A VA psychologist was on probation for throwing medical records in the Walmart trash can and VA has him in charge of records. It’s been complaint after complaint, investigation after investigation. VA does nothing.

    President Trump promised us VA accountability.

    We have an all-time high in veteran suicides because of years in delay of benefits. A veteran killed himself at the Mishawaka VA over the summer. I asked to talk with the director of the VA and was told they don’t have a open door policy.

    This is also the same with Social Security. I asked the lady that did my denial what gainful employment job can I do, because I get migraines. She said there was none, we just put that down so we can deny your claim. The postal service sent emails to get rid of their disabled employees and not one person was terminated.

    Years pass with real consequences from people losing their homes, committing suicide or destroying their credit. Peoples’ lives are destroyed with no one held accountable . The only people the government goes after are whistle blowers, veterans and the disabled.

    – James Yakym

  20. One way our data is being used; not the subtle Lack of the word Veteran in the title…

    [Traumatic Stress Tied to Stroke in Young Adults | MedPage Today]
    “https://www.medpagetoday.com/neurology/strokes/82804?xid=nl_mpt_SRNeurology_2019-10-22&eun=g1239929d0r&utm_source=Sailthru&utm_medium=email&utm_campaign=NeurologyUpdate_102219&utm_term=NL_Spec_Neurology_Update_Active”

  21. Crazy elf here is the article done for the veteran in Bath New York
    A4 Sunday, August 4, 2019 The Leader
    Government tosses veterans away like trash

    To the Editor, Veterans Affairs police are recently under fire for falsifying records, assaulting veterans, causing death, plotting murders and not reading veterans their constitutional rights.A veteran from Bath VA is due in federal court for drug possession.Were his rights read to him?Was a search authorized?This veteran belongs in drug court not federal court. The VA will put veterans on mind-altering drugs, take no responsibility for their actions, and prosecute veterans.The VA has killed 300,000 vets and not one person prosecuted. The U.S attorney was transporting and using illegal drugs as they refused to prosecute him.The two tier justice system needs to stop. The criminal justice system should be remembered for the lives saved not destroyed.

    James Yakym Mishawaka, Ind.

    • JY,
      This came out today: “VA realigns police operations to promote oversight and standardization
      October 25, 2019, 11:04:00 AM”

      I read the post to read the Nazi V Police are re-organizing down to the local level at all VA Hospitals with OVERSIGHT ? Holy-Moley- wtf does that mean? I was victimized by the Albuquerque VA<MC Police about 1.5 yrs ago. Falsifying records is only part of the game, I can tell you that. Beating the shit out of Veterans is also a fact. VA Cops have caused the deaths of Veterans. The little dictators like Sgt. Butts on the ABQ Campus will do and say anything…
      I have heard argument for and against Privatization. My opinion is to just let us go to our own private doctors and send the VA the Bill. The Mission Act is a farce. Here in Arkansas they are touting it , how great it is and that's a load of shite. Just talk to the guys who can't get the bills paid ( stuck up the ass again). Taking the VA private will mean the crooks at the VA have to get schooled on how to become professional thieves in the public sector- how long will that take? I say shut the whole thing down. A better model could be: Your Family Doctor who has known you since childhood see;s you on a regular basis,before and after BASIC and every Duty Assignment- he documents your injuries, he assists in claims and verifies before and after exposures. SCREW the VA and SCREW the DOD- enough games!

Comments are closed.