Posted in Policy

Nominee for VA CIO vows to improve cybersecurity

Chris Nerney
Chris Nerney, Contributing Writer |
Nominee for VA CIO vows to improve cybersecurity

The nominee to run IT operations for the Department of Veterans Affairs (VA) told a Senate panel he would make improving cybersecurity a priority if confirmed for the position.
James Gfrerer, tapped by President Trump to be the VA’s chief information officer, testified last Wednesday before the Senate VA committee.
The VA has struggled to protect veterans’ health records from cyber threats. In a 2017 report, as Healthcare IT News wrote, the Office of the Inspector General faulted the VA for “weaknesses in configuration management, access controls, security management and contingency planning. Specifically, officials found VA had untimely patching of security vulnerability mitigation and inconsistent enforcement of password standards.”
Further, the VA for the past three years has been on the “high-risk” list compiled by the U.S. Government Accountability Office for lax IT oversight.
Speaking to the Senate panel, Gfrerer empathized with veterans whose health records were vulnerable to cyber attacks.
“I've read the OIG report on material weakness. It's a sustained pattern of unpreparedness,” he said. “As someone who has their personal health information in the VA system, and even if it was Lance Corporal Gfrerer, I would be pretty hot under the collar if there were continued material weaknesses and insecurity."
Gfrerer also said he would strive to improve communications at the VA as it begins integrating modern technology platforms.