MMQB: Did Hackers shut down eBenefits.gov?
VA officials and veterans reveal facts suggesting eBenefits.va.gov website was hacked. At the least, a software glitch resulted in a privacy breach. This comes on the tail of reports some months ago that VA records were a known target by Chinese hackers.
I’ll touch on this and more below.
Hi and welcome to another edition of Monday Morning Quarterback for Veterans. I am your host, Benjamin Krause, founder and chief editor of DisabledVeterans.org.
MMQB is where I let my hair down and riff on all things VA for my readers.
This weekend, many veterans circulated the rumor that eBenefits.va.gov was down. Apparently the claims were more than just rumors. There was a breach. Today, I also want to touch on some of the new regulations VA is passing down from its VA Throne in DC.
Reports indicate the new regulation will shock some veterans by tightening requirement for claims.
Here is what we’ll briefly cover today:
- Hackers shut down VA system?
- New VA regulations
- My response
VA Privacy Breach
Many news outlets and veterans across social media reported yesterday that eBenefits.gov was down. But many of us did not know why.
Apparently there was a privacy breach on the website that gave rise to the shutdown. According to Navy veteran Sylvester Woodland, the website was more than just glitchy the night before.
“It gave me a different person’s name, each and every time I came back,” he said. “At first I thought it was just a glitch, but the more I thought about it, I said, ‘Wait a minute, this is more than a glitch, this is a breach.’”
Woodland said he put a call into the DoD and VA but did not get a response until Saturday. The agencies asked him to scan some of the pages and mail them back to VA.
Other veterans experienced similar problems, but VA now claims the issue was a matter of a software defect.
Last August, 2013, VA received some heat for its data practices, which led to what appear to be informal press releases from VA via third party venues. The purpose of the messages seem to be to reassure America that VA takes its job of securing veteran data seriously. The FCW VA security article talks about what VA claims it does for those of you interested.
Two months earlier, June 2013, VA’s OIG gave VA a scathing review before Congress. The testimony that was provided by Assistant Inspector Linda A. Halliday leveled VA. Her report sets out the problems with VA cyber security:
Secure systems and networks are integral to supporting the range of VA mission-critical programs and operations. Information technology (IT) safeguards are essential due to the wide availability of hacking tools on the internet and the advances in the effectiveness of attack technology. Lacking proper safeguards, IT systems are vulnerable to intrusions by groups seeking to obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other systems. VA has at times been the victim of such malicious intent. In the past, VA has reported security incidents in which sensitive information has been lost or stolen, including personally identifiable information (PII), potentially exposing millions of Americans to the loss of privacy, identity theft, and other financial crimes. The need for an improved approach to information security is apparent, and one that senior VA leaders well recognize.
In response to the need to improve security controls, VA has made progress defining policies and procedures supporting its Department-wide information security program. However, VA continues to face significant challenges implementing effective access controls, configuration management controls, and contingency planning to protect mission-critical systems from unauthorized access, alteration, or destruction. VA has taken positive steps to safeguard personal and proprietary information used by VA employees and contractors.
In light of this weekend’s revelation, it does not sound like VA took matter of security as seriously as they claimed.
Sources:
ABC News
VA responding to website privacy breach
FCW: The Business of Federal Technology
How the VA deals with data breaches
VA OIG
How Secure is Veterans’ Private Information?
Veterans Group Reacts to New Draconian VA Rule
“Draconian” and “heavy-handed” were two terms Veterans of Foreign Wars used to describe the rules VA is pushing down with its massive overhaul of the disability compensation regulations. But the VFW was not alone in its sentiment.
The new rule would require a veteran to file a claim through processes and procedures set forth by VA lawyers. This would, of course, be reasonable if all veterans were attorneys.
However, many veterans are just struggling, day in and day out. Things like insurance contracts and similar documents are daunting, as they are for most people. Rather than make things easier for vets, VA has opted to restrict the rules even further.
Our own Ron Nesler had this to say about the issue last week:
The current informal claim rule is the only VA rule I know of that actually works to the benefit of the veteran. Under the current rules for informal claims, anytime a vet mentions (either in writing or orally) any condition or illness from which you suffer an informal claim is established. And, that informal claim establishes the date of the claim for back pay purposes.
If you call the VA or drop them a short note written on a cocktail napkin saying that your head has exploded from the high anxiety of waiting six years for a response to a previous communication to the VA, your mere mention of your exploded head establishes an official VA claim for exploded head syndrome. This helps lots of veterans.
Many vets start out trusting the VA and thinking that the VA will help them, if they just tell the VA what is wrong. And, in many, many cases, the vet establishes one or more informal claims, just by telling the VA what is wrong, without ever actually attempting to file a formal claim. Sometimes this rule gets a vet years of unexpected back pay, because the date of their claim, which establishes the date that benefits begin to accrue, goes back to the unofficial claim where the vet was just telling the VA his problems, while looking for help.
Read his full commentary on the proposed VA claims change here.
The real question here is this. Why does VA seem so fixated on restricting claims all the while Congress and the press continue to remind them that it is really hard to even make a good claim in the first place?
Many veterans are completely baffled about the process of filing a claim much less prosecuting their own case against VA’s teams of doctors, adjudicators, decision review officers, and lawyers.
VA could instead just focus its time and money on educating veterans about how best to complete an effective claim. They could teach us through webinars how best to then document our claims. They could then provide legal counsel to all veterans prior to filing a claim.
No, instead of focusing on helping vets, they would rather make life harder for you.
My Thoughts on VA Security and New Regs
The moral of this story is that we are not in Kansas anymore.
Veterans are now getting the blame for the backlog from VA, and stories on the new claims proposal indicated such. According to VA logic, claims problems are not because of VA’s ineptitude or its civilian disdain for veterans. It is not because of inadequate training or because they are the unofficial insurance company for the Department of Defense. No, none of these reasons apply.
The big problem here is that we have an executive branch of government that is more like a train running off the tracks than a legitimate branch of government. For at least 30 years, the federal government has been moving more in the direction of some form of dictatorship, and the treatment of veterans by VA is merely an outgrowth of this reality.
VA employees operate as if they are completely immune from the penalties most corporate employees would face for doing similar things. Adjudicators and VA executives alike seem to thumb their nose at laws and Congress. They seem to bear no risk of any bad deed or unethical behavior.
Let’s look at the security breach from this weekend.
VA is merely passing it off as a computer glitch… yeah, a computer glitch that just revealed sensitive information about veterans to complete strangers and potentially hackers.
If US Bank let your bank account information go like that, heads would roll and attorneys would line up at the doors of the courts itching to sue the hell out of the company and whomever breached the data.
When it comes to VA, most attorneys have no clue what to do when there is a breach of any kind. So we are not just talking about security breaches, mind you, but a breach of any duty whatsoever. When it comes to VA, attorneys seem to be impotent at holding the senseless behemoth that is VA accountable for any wrongs. Meanwhile, Congress seems to let it roll downhill.
Now, I know what you’re saying if you’re a VA lover. “Ben, you’re being really mean to the VA. Why don’t you ever say something nice.” First of all, VA is a legal fiction that does not have feelings. It is an agency which only has as much power as we give it.
Instead, I am calling a spade a spade. It’s not my job to endorse VA and say nice things no more than it’s your job to read this post. VA spends millions every year to publicists to say nice things about them.
The fact is, VA has a ton of money and has been warned countless times to shape up when it comes to security. Instead, all VA seems to be worried about is screwing some vets out of disability compensation by making it even harder to make a claim.
SHAME ON YOU.
Very aware article to diagnose the problems of the Blob (VA) and to connect the dots to the executive branch, Congress, et all. Very true and well put. So where does the government get their ideas? Certainly they are not that smart or that cohesive to come up with their “ways” by themselves. They have the money to pay very sophisticated psyhcological private think tanks, like RAND for one, to come up with master plans that give the government tight control of population segments they want full control of – the veteran population being just one. To the government, veterans are a cost center, not a profit center, and they need to control all of that. Control equals power. They have all the taxpayer money to do just that. It’s a big red mark on the country that most people don’t see that or want to even know about it. But I think they are starting to catch on.
So if we plan on appealing a claim we better do it now or is this rule effective for claims after a certain date?
I have been waiting for five years to get my claim settled. I am up to the board of appeals and that was done in March of 2013. Part of this problem is as Denise states about how the Dr’s of the VA are was to easy to give you more meds and I have had the problem of meds interacting with each other and the Dr. should have known this. I know check my meds after they want to prescribe them to me. If there is a problem, I use the secure e-mail (which will most likely get hacked in the near future) and ask them about this. If the Dr. states it is OK (as they always do) and I have a reaction, I have something to back me up.
I have had to beg and beg to get anything done (scan type) on my knee that feels like it is coming apart and hurts so much. I finally got the to do an x-ray and wow they found out that my knee if full of arthritis; however, they do not want to do anything about it. I have received many good things from the VA but after fighting for most of it I think the VA sucks and the article above helps to prove this. WE VETERANS need to make them be held accountable for what they do. I know wonder what did they get from the e-benefits site that could affect me? Is there enough personal information on their for them to do identity theft? This is so unacceptable and the fact they are not held accountable for what they do is not right and is unfair to me and my fellow veterans. our government is becoming a dictatorship and no one cares or wants to do anything about it. We go on with our busy lives and have to text or tweet everything because that is more important than anything else in our lives. People wake up and take our country back before it is too late.
Just my $.02 worth
I believe this “glitch” happened months ago, as my computer came up with “warnings not a site to be trusted.” But in the middle of last week I could not sign on, so I sent an “a problem Houston” note, email, whatever. No surprise here. Also since I had a back claim, back in 2012, then they added the PTSD, MST, LORD why not add my death date too? Someone called me, I said look, take care of my damn back claim, I will do the other later, I can’t even sit for an hour and walking is not much better! Lawyer? I am ready for that part as well, but now if someone files a claim, wouldn’t it be wise to order their military records as well as their medical records? I was told they had not ordered my military records. Seriously? Um, do I need to show these massive idiots how the process works? Medical, YUP. Medical Boards, YUP, knows process, that will be the third YUP you get. Oh, and it gets better. Yet, I think Ben you COULD help us on this one. We, the people, who have PTSD, MST, TRIGGERS THAT MAKE NO SENSE, THAT ARE TIRED OF THE INCOMPETENCE OF THE “FIX YOU TEAM” WHO DO NOT FOLLOW THE PROTOCOL OF ANY COGNITIVE THERAPY I KNOW, WANT TO RAIN ON THE VA’S PARADE. Not only that, but once in to see a VA doctor, okay, I admit it, damn, 52 almost 53 years of living in my own body, knows what’s going on. How strange right? To be told it wasn’t my back, but kidney stones, okay little girl talking to me, old enough to be your mom, I do know the difference! She also stated, giving you Cipro, fine, and of course told her if she dares to put me in an MRI machine, then best have me knocked out. Yes, several people who have parts, not original to the body, cannot take what the magnets do to us. So, CT Scan, or anesthesia, your choice! I left, with all my stuff, as I knew, just Cipro. Well, a bag arrives on Friday. All these medications, ookay, wtf? You see, you do not send medications to a patient and not,tell them what they are for, possible reactions, or how to take them! This goes against the “Hippocratic Oath” that yes, even as a Corpsman we said it. The Do No Harm can certainly do harm with what was sent. So, debating, who shall I call? How high do I wish to skip the steps of that so called chain of command? Yes, “DO NO HARM, UNLESS OF COURSE IT IS TO FIRE ONE WHO COULD HAVE DONE EXACTLY THAT!”
Denise, The tip on getting your medical records is a good one. I like going into battle fully armed. I am in the middle of a malpractice claim and purposely obtained my medical records (which is free to do) so at least I can review them, see where the ball was dropped and also present the records to my lawyer for his use.
Phil, I have always kept updated medical records for me to have. I have found so many mistakes on them and I do the secure e-mail to my Dr. so that the correction can be put into my records. I wish everyone would do this. I complained so much to my Dr., the patient advocate, and my senator about how can a Dr. have a person bend their leg and without using a measuring device put down their “range of motion” (ROM) in numbers when they did not get any numbers to put in my record. I was told by patient advocate that the Dr’s do this so much the can “guess” at what the number should be. I told them that the Dr. is lying about the results as he did not measure with anything. I was told that is how it is done. I said but if I apply for an increase, the people looking at my records will see that my ROM is within limits and guess what, no increase. I finally got them to do a new ROM test after my board hearing and wow my legs (both) have limited range of motion. It is enough that I should be receiving an increase for it. The VA is not your friend or here to help you. They will give you meds upon meds upon meds to help but you most likely will get noting else.
I am glad to hear that you have your medical records and are able to go over them; however, if you notice anything that is not right (I was questioned as to my pain on one visit was put down as a zero, I have never been lower than an eight) secure e-mail your Dr. and have him/her put the correction in your records. You put it in your words as to why this or that is wrong and then the people who look into your records will see that you have seen your records and have made an attempt to correct something wrong. This lets them know that you are not one of the many vets who have not looked at their records and they can give them a denied result for their increase and get by with it.