The Department of Veterans Affairs has failed to take the steps necessary to protect private information, according to a new
Government Accountability Office (GAO) report.
A series of cyberattacks in recent years have raised questions about VA computer security. In 2010, for example, attackers exploited weak technical controls to hack into the department’s information system.
In January, a software defect in the VA’s eBenefits system allowed users unimpeded access to other veterans’ information, compromising private data on 1,300 veterans or their dependents.
The GAO reported that the department has taken steps to correct some network vulnerabilities, and now must report to Congress each month on private data breaches. But it concluded that the Veterans Affairs Department had not done enough to protect its network from attack.
Following a 2012 cyberattack, the VA’s Network and Security Operations Center moved to correct network weaknesses exploited by hackers. But the GAO said the department could not demonstrate that its efforts had proven successful, because staffers couldn’t find a key "forensics analysis report" on the subject,
Stars and Stripes reported.
"Without preserving such evidence, VA will be unable to demonstrate the effectiveness of its incident-response measures and may be hindered in assisting law enforcement agencies in investigating and prosecuting cybercrimes," GAO Information Security Issues Director Gregory Wilshusen said in testimony before the House Veterans Affairs Committee Tuesday, Stars and Stripes reported.
The GAO also faulted the department as slow to apply "patches" to correct known software vulnerabilities.
Through May of this year, it had failed to fix the top 10 critical vulnerabilities identified by its own security scans, despite the fact that in some cases the necessary patches had been available for several years, Stars and Stripes said.
© 2026 Newsmax. All rights reserved.