VA officials face scrutiny over cybersecurity budget amid rising data breach concerns

In a critical oversight hearing on November 21, 2024, the U.S. House Committee on Veterans' Affairs scrutinized the cybersecurity measures in place for the Department of Veterans Affairs (VA), highlighting significant concerns over the protection of veterans' sensitive data. Assistant Secretary Del Bene acknowledged the challenges posed by the current fragmented electronic health record (EHR) systems, which include both the legacy VISTA system and the newer Oracle system. He noted that this dual-system approach increases vulnerability, emphasizing that a unified system would reduce the cybersecurity surface area that needs protection.

The discussion revealed that despite a staggering $10 billion investment in electronic health records, the VA's cybersecurity budget remains alarmingly low, accounting for less than 1% of the overall budget. This underfunding has raised alarms among committee members, particularly in light of recent cyber incidents affecting VA facilities. Del Bene confirmed that while the VA has not experienced substantial breaches within its internal systems, the potential risks remain high, especially given the sensitive nature of veterans' medical information.

Committee members expressed frustration over the lack of a seamless EHR system and questioned the effectiveness of current cybersecurity practices. Del Bene assured that the VA enforces strict contractual requirements on partners like Change Healthcare to adhere to security baselines, but acknowledged that the responsibility ultimately lies with the VA to ensure compliance.

The hearing also touched on the need for a more robust budgeting approach, with suggestions for implementing zero-based budgeting to better address the rapidly evolving cybersecurity landscape. Del Bene agreed that a detailed breakdown of cybersecurity expenditures is essential for transparency and accountability.

As the hearing concluded, the urgency for increased funding and improved cybersecurity measures was clear. With the VA's cybersecurity budget under scrutiny, lawmakers are poised to push for significant reforms to safeguard the personal data of millions of veterans, ensuring that their medical information remains secure in an increasingly digital world.