VA Million Veteran Program Cybersecurity Gaps Exposed | Legis1

https://legis1.com/news/va-cybersecurity-gaps-vas-million-veteran-program

Publish Date: 2026-05-26 12:47:00

Source Domain: legis1.com

Why it Matters

The Department of Veterans Affairs (VA) holds some of the most sensitive data in the federal government: the genetic profiles, medical histories, and mental health records of millions of Americans who served in uniform. A new Government Accountability Office (GAO) report, publicly released May 21, 2026, found that while the VA has made meaningful strides in protecting veterans' data, significant cybersecurity gaps persisted in a program housing the genetic data of roughly one million veterans. The findings arrive at a moment when federal data security is under intense public scrutiny.

The Big Picture

The VA’s Million Veteran Program (MVP), launched in 2011, is the nation’s largest biorepository of veteran data. Approximately one million veterans have enrolled, voluntarily contributing blood samples, health surveys, and personal histories to advance research into how genetics, lifestyle, military service, and environmental exposures shape long-term health outcomes.

The program’s scale is its strength — and its vulnerability. The sheer volume of sensitive biological and health data concentrated in a single research infrastructure makes it a high-value target, and the GAO found that the cybersecurity controls protecting that infrastructure were not fully up to the task.

Auditors identified deficiencies in four core areas of protected health information security within a key system supporting the MVP:

  • Asset and risk management — tracking what systems and data exist, and what threats they face
  • Configuration management — ensuring systems are set up securely and consistently
  • Identity and access management — controlling who can access sensitive data and under what conditions
  • Continuous monitoring and logging — detecting and recording unusual activity in real time

Together, these gaps gave the VA “reduced assurance of the confidentiality and integrity” of sensitive health information stored in the MVP system, according to the…
