Put a Stop to Voogling Veterans


Put a stop to Voogling Veterans.

What is Voogling? Voogling is committed when anyone who has access to the VA's computer system uses it to view the information of a veteran and/or the veteran's family members without first having authorization from the veteran. Many people are familiar with the term "Googling" a person, which means scrounging up any information that might be on the internet about that person. At the VA, however, thousands of people have access to most of a veteran's very private information with only a few strokes of a keyboard. The scary part is that the VA forgot to build in cybersecurity measures to prevent and stop unauthorized access. Essentially, veterans have more privacy and control on social media than they do at the VA.

Take a look at these staggering facts:

1) The Department of Veterans Affairs (VA) has a history of veteran medical record and sensitive personal information privacy violations; and 

2) The Office of Inspector General (OIG) released a report in April 2016, in which it reported that the VBA had not integrated proper audit logs into VBA's new system, the Veterans Benefits Management System (VBMS); and

3) VA failed to establish satisfactory system requirements in VBMS that would ensure that accurate audit logs were created; and

4) Veteran medical records and sensitive personal information data sit at the root of all privacy and security user training and access controls that are neither properly implemented nor adequately monitored, a clear violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its enforcement; and

5) OIG discovered that VBA cannot detect whether an employee without proper access authorization has improperly accessed a veteran's file, because VBMS is not compliant with audit log procedures per required Federal Information Processing regulations; and

6) OIG reported that the security vulnerability exists in part because the Office of Business Process Integration did not create system requirements in VBMS to ensure that audit logs could accurately pinpoint security violations; and

7) The VA is required by several regulations (e.g., Federal Information Processing Standards Publication) to develop, sustain, and retain audit records to supervise, analyze, and report on inappropriate access of information systems; and

8) VA's own VA Handbook states that information systems are required to create detailed audit logs that can help recreate a data security incident and/or breach, as well as restrict certain VBMS users system-wide, to include Tele-Work, who lack the proper authorization access level from accessing certain claim files; and

9) VA must establish a level of visibility that will give VBMS system security monitors the ability to detect unusual behavior and the necessary tools to quickly identify and respond to any unauthorized user access, thus ensuring that system integrity and user access authorization levels are compliant with all regulations and procedures.

Veterans cannot do this alone, and that is why they need your help in seeking legislation to change applicable regulations so that VA programs containing veterans' Electronic Medical Records and Sensitive Personal Information have restrictions in place with appropriate security system monitors to deter any unauthorized users from accessing veterans' information, have functional and accurate audit logs that can pinpoint security violations, and comply with existing laws and regulations, minimizing any ambiguity and ensuring adherence and accountability.