VA COMPUTER VULNERABILITY
> IMMEDIATE RELEASE
> CONTACT: Dan Amon
> (202) 225-3664
> September 21, 2000
> DEPARTMENT OF VETERANS' AFFAIRS COMPUTER SYSTEM FOUND HIGHLY VULNERABLE
> VETERANS OVERSIGHT SUBCOMMITTEE TOLD VA COMPUTER VULNERABILITY PLACES
> VETERANS' MEDICAL AND PERSONAL RECORDS AT RISK
> WASHINGTON - The U.S. Department of Veterans' Affairs
> computer network containing veterans' medical, personal and financial
> records has been and continues to be at risk to hacking according to
> testimony delivered today to the House VA Oversight and Investigations
> Subcommittee by the VA's own Office of Inspector General.
> "I find this revelation extremely scary," remarked House VA
> Oversight Subcommittee Chairman Terry Everett, R-Alabama. "Veterans
> depend upon the VA for health care and benefits, but they also trust the
> to protect their personal information, including medical and financial
> "The fact that the VA's computer system has been at great
> risk to hacking and continues to be susceptible to unauthorized
> is frightening and demands immediate attention from the highest levels of
> the Administration. Equally disturbing to me is the fact that the VA
> determine if their computers have already been hacked, if any damage was
> done to system records, or if any funds were compromised."
> "I am worried about management," said Rep. Corrine Brown
> (D-FL) the Subcommittee's Ranking Democratic Member. "The "One
> so vital to VA's survival - will either succeed or fail on its
> technology. Yet VA's separate administrations for Health, Benefits and
> Cemeteries have separate Chief Information Officers (CIOs) who report not
> VA's overall CIO -- its Assistant Secretary for Information Technology --
> but to the separate Under Secretaries for Health, Benefits and
> Today, Michael Slachta, the VA's Assistant Inspector General
> for Auditing told the VA Oversight and Investigations subcommittee that
> agency contracted with a private firm to perform penetration testing of
> VA's nationwide computer network from December 1998 to January 1999. The
> government-paid hackers using unsophisticated techniques had no
> penetrating and gaining access to the VA's internal computer network.
> The penetrators were able to access the VA's computer
> network backbone and thereby "owned the system," Slachta told
> Everett and subcommittee Ranking Member Corrine Brown.
> In response to questioning from Everett and Brown, Slachta
> acknowledged that the VA had no idea that their computer system had been
> hacked until they were notified by the IG's office. He further admitted
> the VA's computer security was lax enough to make it possible for
> unscrupulous employees to manipulate payment information.
> "I don't know what frightens me more, the fact that the VA's
> sensitive private computer records were so vulnerable to outside or
> internal unauthorized penetration or that the VA has no idea if anyone
> already compromised the system by corrupting data and defrauding the
> "This is extremely serious and I intend to hold the VA and
> the Administration accountable if any damage has already been done,"