VA officials and veterans reveal facts suggesting the eBenefits.va.gov website was hacked. At the least, a software glitch resulted in a privacy breach. This comes on the tail of reports some months ago that VA records were a known target of Chinese hackers.
I’ll touch on this and more below.
Hi and welcome to another edition of Monday Morning Quarterback for Veterans. I am your host, Benjamin Krause, founder and chief editor of DisabledVeterans.org.
MMQB is where I let my hair down and riff on all things VA for my readers.
This weekend, many veterans circulated the rumor that eBenefits.va.gov was down. Apparently the claims were more than just rumors. There was a breach. Today, I also want to touch on some of the new regulations VA is passing down from its VA Throne in DC.
Reports indicate the new regulation will shock some veterans by tightening requirements for claims.
Here is what we’ll briefly cover today:
- Hackers shut down VA system?
- New VA regulations
- My response
VA Privacy Breach
Many news outlets and veterans across social media reported yesterday that eBenefits.gov was down. But many of us did not know why.
Apparently there was a privacy breach on the website that gave rise to the shutdown. According to Navy veteran Sylvester Woodland, the website was more than just glitchy the night before.
“It gave me a different person’s name, each and every time I came back,” he said. “At first I thought it was just a glitch, but the more I thought about it, I said, ‘Wait a minute, this is more than a glitch, this is a breach.’”
Woodland said he put a call into the DoD and VA but did not get a response until Saturday. The agencies asked him to scan some of the pages and mail them back to VA.
Other veterans experienced similar problems, but VA now claims the issue was a matter of a software defect.
In August 2013, VA received some heat for its data practices, which led to what appear to be informal press releases from VA via third-party venues. The purpose of the messages seems to be to reassure America that VA takes its job of securing veteran data seriously. For those of you interested, the FCW VA security article talks about what VA claims it does.
Two months earlier, in June 2013, VA’s OIG gave VA a scathing review before Congress. The testimony provided by Assistant Inspector Linda A. Halliday leveled VA. Her report sets out the problems with VA cyber security:
Secure systems and networks are integral to supporting the range of VA mission-critical programs and operations. Information technology (IT) safeguards are essential due to the wide availability of hacking tools on the internet and the advances in the effectiveness of attack technology. Lacking proper safeguards, IT systems are vulnerable to intrusions by groups seeking to obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other systems. VA has at times been the victim of such malicious intent. In the past, VA has reported security incidents in which sensitive information has been lost or stolen, including personally identifiable information (PII), potentially exposing millions of Americans to the loss of privacy, identity theft, and other financial crimes. The need for an improved approach to information security is apparent, and one that senior VA leaders well recognize.
In response to the need to improve security controls, VA has made progress defining policies and procedures supporting its Department-wide information security program. However, VA continues to face significant challenges implementing effective access controls, configuration management controls, and contingency planning to protect mission-critical systems from unauthorized access, alteration, or destruction. VA has taken positive steps to safeguard personal and proprietary information used by VA employees and contractors.
In light of this weekend’s revelation, it does not sound like VA took the matter of security as seriously as it claimed.
FCW: The Business of Federal Technology
How the VA deals with data breaches
Veterans Group Reacts to New Draconian VA Rule
“Draconian” and “heavy-handed” were two terms Veterans of Foreign Wars used to describe the rules VA is pushing down with its massive overhaul of the disability compensation regulations. But the VFW was not alone in its sentiment.
The new rule would require a veteran to file a claim through processes and procedures set forth by VA lawyers. This would, of course, be reasonable if all veterans were attorneys.
However, many veterans are just struggling, day in and day out. Things like insurance contracts and similar documents are daunting, as they are for most people. Rather than make things easier for vets, VA has opted to restrict the rules even further.
Our own Ron Nesler had this to say about the issue last week:
The current informal claim rule is the only VA rule I know of that actually works to the benefit of the veteran. Under the current rules for informal claims, anytime a vet mentions (either in writing or orally) any condition or illness from which you suffer, an informal claim is established. And, that informal claim establishes the date of the claim for back pay purposes.
If you call the VA or drop them a short note written on a cocktail napkin saying that your head has exploded from the high anxiety of waiting six years for a response to a previous communication to the VA, your mere mention of your exploded head establishes an official VA claim for exploded head syndrome. This helps lots of veterans.
Many vets start out trusting the VA and thinking that the VA will help them, if they just tell the VA what is wrong. And, in many, many cases, the vet establishes one or more informal claims, just by telling the VA what is wrong, without ever actually attempting to file a formal claim. Sometimes this rule gets a vet years of unexpected back pay, because the date of their claim, which establishes the date that benefits begin to accrue, goes back to the unofficial claim where the vet was just telling the VA his problems, while looking for help.
Read his full commentary on the proposed VA claims change here.
The real question here is this: why does VA seem so fixated on restricting claims while Congress and the press continue to remind them that it is really hard to even make a good claim in the first place?
Many veterans are completely baffled about the process of filing a claim, much less prosecuting their own case against VA’s teams of doctors, adjudicators, decision review officers, and lawyers.
VA could instead just focus its time and money on educating veterans about how best to complete an effective claim. They could teach us through webinars how best to then document our claims. They could then provide legal counsel to all veterans prior to filing a claim.
No, instead of focusing on helping vets, they would rather make life harder for you.
My Thoughts on VA Security and New Regs
The moral of this story is that we are not in Kansas anymore.
Veterans are now getting the blame for the backlog from VA, and stories on the new claims proposal indicated such. According to VA logic, claims problems are not because of VA’s ineptitude or its civilian disdain for veterans. It is not because of inadequate training or because they are the unofficial insurance company for the Department of Defense. No, none of these reasons apply.
The big problem here is that we have an executive branch of government that is more like a train running off the tracks than a legitimate branch of government. For at least 30 years, the federal government has been moving more in the direction of some form of dictatorship, and the treatment of veterans by VA is merely an outgrowth of this reality.
VA employees operate as if they are completely immune from the penalties most corporate employees would face for doing similar things. Adjudicators and VA executives alike seem to thumb their nose at laws and Congress. They seem to bear no risk of any bad deed or unethical behavior.
Let’s look at the security breach from this weekend.
VA is merely passing it off as a computer glitch… yeah, a computer glitch that just revealed sensitive information about veterans to complete strangers and potentially hackers.
If US Bank let your bank account information go like that, heads would roll and attorneys would line up at the doors of the courts itching to sue the hell out of the company and whoever breached the data.
When it comes to VA, most attorneys have no clue what to do when there is a breach of any kind. So we are not just talking about security breaches, mind you, but a breach of any duty whatsoever. When it comes to VA, attorneys seem to be impotent at holding the senseless behemoth that is VA accountable for any wrongs. Meanwhile, Congress seems to let it roll downhill.
Now, I know what you’re saying if you’re a VA lover. “Ben, you’re being really mean to the VA. Why don’t you ever say something nice?” First of all, VA is a legal fiction that does not have feelings. It is an agency which only has as much power as we give it.
Instead, I am calling a spade a spade. It’s not my job to endorse VA and say nice things any more than it’s your job to read this post. VA spends millions every year on publicists to say nice things about them.
The fact is, VA has a ton of money and has been warned countless times to shape up when it comes to security. Instead, all VA seems to be worried about is screwing some vets out of disability compensation by making it even harder to make a claim.
SHAME ON YOU.