VA: Hackers Never Siphoned Data Out of Our Systems


Veterans Affairs experiences 55,000 malware attacks a day, agency official says.

Correction: VA did not experience downtime with it VBMS system this quarter.  It has experienced unscheduled downtime previously.

The Department of Veterans Affairs’ computer networks and systems remain under constant threat -- including from attacks by foreign actors -- but no data has been “exfiltrated” as a result of attacks, Stephen Warren, the department’s chief information officer said at a media roundtable yesterday.

VA systems are “always under threat,” Warren said, disclosing that VA tracks and blocks 55,000 new malware variants every day through continuous monitoring.

VA’s cyber-defense includes use of the Einstein 3 tool, developed by the Department of Homeland Security, which Warren said automates “deep packet inspection” to sniff out malware.

Last summer, it was first reported foreign actors had penetrated the agency's networks. 

At a House Veterans Affairs subcommittee hearing in June 2013, Rep. Michael Coffman, R-Colo., said VA knew foreign intruders had compromised its network but the department “was never sure what exactly these foreign actors took, because the outgoing data was encrypted by the trespassers.”

During the media roundtable yesterday, Warren repeatedly said foreign actors have never siphoned data out of the VA, either in the past or today -- something he checks on a daily basis.

To protect its systems, Warren said VA screens 4.5 million emails a day and has encrypted 100 percent of the 438,395 laptops and desktops on its network.

VA has also begun installing secure WiFi systems at all 152 of its hospitals, according to a fact sheet distributed by Warren at the round table, and will complete deployment by the end of the current fiscal year in September 2015.

Clinicians can use those networks to access health care information through 11,200 mobile devices VA distributed in 2014, the fact sheet stated.

Warren Also Talks New Scheduling Software, Claims Backlog System

VA has received a strong response from industry to its requirements for a new patient scheduling system, Warren said. So far, 13 companies have shown an interest in the project.

Poor scheduling practices have embroiled the VA in an ongoing scandal since this April, following media reports of the deaths of some patients allegedly due to delayed appointments.

Warren said VA expects to issue a request for proposals for the new scheduling system by the end of December and award a contract by the end of March 2015. He said the system should be fully installed in all VA medical facilities within two years of contract award.

VA uses a continuous improvement process to update its Veterans Benefits Management System, Warren said. His Office of Information and Technology delivers new capability for VBMS every 90 days.

VBMS, the core technology designed to eliminate the claims backlog this year through paperless processing, has not experienced any unscheduled downtime this quarter, Warren said.

Warren said he also plans to offer more insight into the agency’s IT programs and projects, which is why he held the roundtable, he said.  Warren said he plans to conduct more in the future.  

(Image via jcjgphotography/