February 13, 2007

Statement from Veterans’ Committee Ranking Member Buyer on Birmingham, Ala., VA data loss

Washington, D.C. — House Committee on Veterans’ Affairs Ranking Member Steve Buyer (R-Ind.) made the following statement in connection with the report that a Department of Veterans Affairs (VA) employee on January 22 disclosed a missing hard drive containing sensitive data on approximately 1.8 million individuals.

“Last May a VA analyst foolishly brought home a laptop and hard drive containing the sensitive personal data of some 29 million veterans, servicemembers, and family members.  The drive was stolen, but ultimately recovered.

The May calamity helped enable VA Secretary Jim Nicholson to shoulder aside slow-rolling bureaucrats – mostly in VA’s health administration – and centralize the agency’s disorganized information technology system.  Secretary Nicholson has earned my praise in moving VA toward sound IT management after a decade’s oversight from this committee showed the necessity of centralization.

As shown in two recent incidents, it is disappointingly clear that much of the secretary’s bureaucracy – primarily (but not exclusively) managers, chiefs and directors of staffs and facilities – prefers the status quo to progress and the directives of the secretary.

Just over a week ago, we learned that in January, a Birmingham VA Medical Center research employee lost control of sensitive data on some 535,000 veterans and 1.3 million non-VA doctors.  The VA has the ability to centrally store encrypted data for password-protected download by authorized users.  Yet, this data was not totally encrypted and was stored on a VA-owned external drive highly vulnerable to loss or theft.  The potential for fraud in the wake of this loss is enormous.

Going back to early January, a VA acting deputy chief research and development officer, Dr. Joseph Francis, was recorded during a meeting making comments indicating he had no intention of taking information security seriously.  Francis instead chose to disparage those in Congress who demand responsibility and accountability on behalf of veterans.  Responding to a committee request that VA identify the location of its sensitive data, a “data call,” Francis told his staff: “If you want to know what’s the real purpose of the data call, read Machiavelli.  It’s about power, it’s about Congress saying, ‘VA, you’re accountable to us’. We’re not asking people to do an A-plus job on this report.”

Dr. Francis appears to represent a VA management culture that still does not comprehend the seriousness of data security. The security of information is integral to the quality of VA health care.  It does a veteran little overall good to have an illness effectively treated if the system makes him an identity fraud victim in the process.

Congress does expect an A-plus job of Dr. Francis, as it does all the people who are entrusted with the health care and benefits delivery of America’s veterans and family members.  I know that Secretary Nicholson expects the same, as do America’s veterans and the nation’s taxpayers.

The time for second-guessing by VA middle management is over.  It is time now for those who must carry out the secretary’s intent to do so, efficiently, decisively and without further delay.”