Former VA cybersecurity chief issues dire warning about data belonging to millions of veterans

Sensitive financial and health data belonging to millions of veterans and stored on a benefits website is at risk of being stolen or otherwise compromised, according to a federal employee tasked with cybersecurity who was recently fired as part of massive government-wide cuts.

The warning comes from Jonathan Kamens, who led cybersecurity efforts for VA.gov—an online portal for Department of Veterans Affairs benefits and services used by veterans, their caregivers and families. Kamens was fired February 14 and said he doesn’t believe his role will be filled, leaving the site particularly vulnerable.

“Given how the government has been functioning for the last month, I don’t think the people at VA . . . are going to be able to replace me,” Kamens told the Associated Press Monday evening. “I think they’re going to be lacking essential oversight over cybersecurity processes for VA.gov.”

Kamens said he was hired over a year ago by the U.S. Digital Service, whose employees’ duties have been integrated into presidential adviser Elon Musk’s Department of Government Efficiency, which is leading the downsizing effort. Kamens was a digital services expert and the VA site’s information security lead when he was fired by email at night, along with about 40 other USDS employees, he said.

Millions of people use the VA.gov website monthly, Kamens said, and the department is responsible for securing private health and financial information including bank account numbers and credit card numbers. Others on the team will focus on protecting the site, but his expertise can’t be replaced, he said, noting he was the only government employee with an engineering technical background working on cybersecurity.

“VA.gov has access to a huge number of databases within VA in order to provide all of those benefits and services to veterans,” Kamens said. “So if that information can’t be kept secure, then all of that information is at risk and could be compromised by a bad actor.”

Peter Kasperowicz, a Veterans Affairs spokesman, said the loss of a single employee wouldn’t affect operations, and noted that hundreds of cybersecurity workers are among the department’s staff of nearly 470,000.

Meanwhile, more than 20 civil service employees who’d also previously worked for USDS resigned Tuesday from DOGE, saying they refused to use their technical expertise to “dismantle critical public services.”

Kamens said he was required to have a background check and a drug test before he was allowed to access any system containing veterans’ data. He said he doesn’t understand why Musk and DOGE shouldn’t have to jump through the same hoops.

“I don’t think they should have access to that data,” Kamens said. “These are people who have never been background-checked. They’re not confirmed to be trustworthy.”

Kamens also said he’s worried that DOGE is “trying to break down the walls of decentralization” that have kept data isolated in individual agencies.

Centralization, he said, could increase the chances for abuse. He also described confusion since DOGE became involved—people didn’t know who their manager was, work became isolated, and people were “frozen out.”

“The only motive that I can think of,” Kamens said, “is exactly because they want to be able to use that data to harm citizens that they perceive as enemies of the state.”

—Brian Witte and Rodrique Ngowi, Associated Press

https://www.fastcompany.com/91285584/former-va-cybersecurity-chief-issues-dire-warning-about-data-belonging-millions-veterans?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss