
GAO-23-106412 1 (2023-04-18)





U.S. GOVERNMENT ACCOUNTABILITY OFFICE
441 G St. N.W.
Washington, DC 20548

April 18, 2023


The Honorable Mark Takano
Ranking Member
Committee on Veterans' Affairs
House of Representatives


CYBERSECURITY: VA Needs to Address Privacy and Security Challenges

Federal agencies, including the Department of Veterans Affairs (VA), collect and process large
amounts of personally identifiable information (PII) that are used for various government
programs.1 The PII collected by federal agencies, along with the increasing sophistication of
technology, highlights the importance of strong programs for ensuring privacy protections. Such
programs are especially critical when considering recent breaches involving PII that have
affected millions of people.2

Federal agencies, including VA, rely extensively on IT to carry out their operations and deliver
services to constituents. Federal systems and networks, including those of VA, are often
interconnected with other internal and external systems and networks, thereby increasing risk
and the means used to initiate cyberattacks. Without proper safeguards, computer systems are
vulnerable to individuals and groups with malicious intent who can intrude and use their access
to obtain sensitive information, commit fraud and identity theft, disrupt operations, or launch
attacks against other computer systems and networks. Since 1997, GAO has designated
information security as a government-wide high-risk area, a designation that remains today.3

Health data, such as those managed by VA's electronic health record (EHR) system, are
essential to VA's ability to deliver health care services to about nine million veterans annually. In
particular, the health care sector, including VA, uses a wide array of information systems and
technologies across multiple settings, such as physician offices and hospitals. While the
increasing use of health IT systems has the potential to improve health care quality, these
systems can be vulnerable to the loss or unauthorized disclosure of patients' PII.

You asked us to review VA's privacy and security efforts. Specifically, we reviewed VA (1)
privacy practices and challenges and (2) security challenges. To address both objectives, we
reviewed prior reports and testimonies that described privacy and security challenges faced by

1 In general, PII is any information that can be used to distinguish or trace an individual's identity, such as name, date
or place of birth, and Social Security Number; or that otherwise can be linked to an individual.
2 A breach is an unauthorized or unintentional exposure, disclosure, or loss of an organization's sensitive information.
3 See GAO, High-Risk Series: Dedicated Leadership Needed to Address Limited Progress in Most High-Risk Areas,
GAO-21-119SP (Washington, D.C.: Mar. 2, 2021); High-Risk Series: An Overview, GAO-HR-97-1 (Washington, D.C.:
February 1997); and High-Risk Series: Information Management and Technology, GAO-HR-97-9 (Washington, D.C.:
February 1997). In 2003, we expanded this area to include computerized systems supporting the nation's critical
infrastructure and, in 2015, we further expanded this area to include protecting the privacy of personally identifiable
information.


GAO-23-106412 VA Privacy and Security Challenges

