President Biden has signed new legislation that will require the Department of Veterans Affairs to obtain an independent audit of its IT systems and cybersecurity programs.
The Strengthening VA Cybersecurity Act of 2022 was enacted on Dec. 27 and is intended to boost cybersecurity across the department and protect veterans’ data.
It was proposed following a 2020 cyberattack during which the data of 46,000 veterans was compromised after hackers breached computer systems at the department.
The legislation was introduced in the House of Representatives by Veterans’ Affairs Technology Modernization Subcommittee chair Frank Mrvan, D-Ind. It was co-sponsored by Reps. Nancy Mace, R-S.C., Susie Lee, D-N.V. and Andrew Garbarino, R-N.Y.
A companion measure was introduced in the Senate by Sens. Jacky Rosen, D-N.V., and Marsha Blackburn, R-Tenn.
Cybersecurity at the Department of Veterans Affairs continues to be a key concern. In September, FedScoop reported on a serious cyber incident after a federal contractor published source code containing sensitive credentials on software development hosting service GitHub.
At the time, three people with direct knowledge of the matter told FedScoop the compromised information included hard-coded administrator account privileges, encrypted key tokens and specific database table information.
During the 2020 cyberattack on the department, about 46,000 veterans had their personal information, including Social Security numbers exposed, as unauthorized users gained access to an online application for making health care payments.
Commenting on the legislation when it was proposed in April, Rep. Mrvan said: “This legislation will move us in the right direction to give VA the tools it needs to effectively protect against new and emerging cybersecurity threats and safeguard our veterans’ personal information.”