Report: VA stopped publishing breach reports for 9 months

A
A
A

Joseph Marks, senior correspondent at NextGov, discusses his article about the lack of quarterly breach reports from the Department of Veterans Affairs, and Sen. John McCain’s cyber legacy.


According to an article published in NextGov, the Department of Veterans Affairs stopped publishing information security reports for the first three quarters of FY18. The VA reports outline security breaches that could impact veterans. Joseph Marks, senior correspondent at NextGov and author of the article, says that days after he asked, the reports were published, but compared to the monthly reports that used to be prevalent, these three reports are vaguer.

 

“We didn’t learn a whole lot from it. Essentially what they put out is what the old quarterly reports were, rather than the monthly reports. It’s really just a tally of one incident at this VA facility and one at this facility. We don’t know anything about the severity of the incidents, which could be someone sent an e‑mail unencrypted or someone left a physical file out somewhere. We really don’t know if these are no big deal or really important,” said Marks.

“We do know there were 500 incidents one quarter, and up to 3500 the next quarter, down to 900 the following one. The raw incident numbers always skewed wildly like this. It doesn’t actually tell you what is actually going on.”