
Sunday, 09/20/2020 9:51:45 PM

VA data breach also hit 17,000 community care providers, senators say

https://federalnewsnetwork.com/veterans-affairs/2020/09/va-data-breach-also-hit-17000-community-care-providers-senators-say/

This story was updated a third time on Friday, Sept. 18 at 2:30 p.m. with additional comments from the Department of Veterans Affairs.

This story was updated a second time on Friday, Sept. 18 at 12:30 p.m. with additional information from congressional aides.

This story was updated on Thursday, Sept. 17, 2020 at 7:20 p.m. with a statement from the Department of Veterans Affairs. VA did not immediately return a request to explain the wide discrepancy in accounts about the number of impacted community care providers.

The data breach the Department of Veterans Affairs announced earlier this week exposed personal information for 46,000 veterans, but it also hit several thousand community care providers that supplement the agency’s medical program.

Approximately 17,000 community care providers that provide health services to veterans were also victims of the breach, Democrats on the Senate Veterans Affairs Committee said Wednesday.

Officials had briefed members of the House and Senate veterans committees about the VA data breach.

“Based on information currently available, it appears this cybersecurity incident was carried out by those able to find weaknesses in the way VA authenticates community care health care providers using veterans care agreements and processes payments for their services,” senators, led by committee ranking member Jon Tester (D-Mont.), said in a letter to VA Secretary Robert Wilkie.

VA on Thursday evening pushed back against the senators’ account but provided little clarification.

“There were 13 VA community care providers involved in this incident, not 17,000. VA will reimburse those vendors who had payments diverted,” Christina Noel, a department spokeswoman, said in an email to Federal News Network.

The department on Friday afternoon later clarified: “17,000 community care providers used the application involved in the incident, but only 13 of those were impacted by the breach and just six had payments diverted,” Noel said. “VA is working with those vendors to compensate the lost funds.”

VA officials briefed members of Congress about the data breach on Sept. 8, according to a congressional aide with knowledge of the phone call. The department identified 17,000 community care providers and doctors, as well as 46,000 veterans who had information in the compromised system.

As with most data breaches, the pool of potentially impacted people fluctuates over time, as investigations unfold and victims discover direct evidence of misuse, identity theft or even stolen information.

The congressional aide said VA was trying to downplay its standard protocol of identifying every individual whose personal information was potentially compromised, including the 17,000 community care providers who were in the risk pool.

The department on Monday declined to elaborate on the specific system that had been breached or the timing of the incident, citing an ongoing investigation of the VA data breach from its inspector general.

But in their letter to Wilkie, Senate Democrats said the department’s customer engagement portal was the site of the VA data breach. The portal was one of 85 different systems under a single authority to operate (ATO), which VA’s Financial Services Center manages.

The Financial Services Center provides administrative and financial management services to VA and other federal agencies and is one of three enterprise services within the department’s franchise fund.

“Are you concerned that VA’s Office of Management, responsible for ‘oversight of VA’s internal control program and compliance with improper payments legislation as well as prevention of fraud, waste, and abuse’ is the organization where this data breach occurred?” the senators said. “What additional steps have you directed to ensure OM reviews all relevant protocols, organizational structures, and oversight mechanisms to ensure such an incident does not reoccur?”

Senate Democrats said they were supportive of the IG investigation. But they questioned VA’s track record with handling past cybersecurity incidents and securing the department’s vast trove of data.

“This is not a new vulnerability for VA,” Tester and his committee colleagues wrote. “Rather, it is a long-standing weakness of the department as identified by independent reviews conducted by the VA OIG and the Government Accountability Office for more than 10 years. The information provided to Congress on this incident raises countless questions and does not instill confidence that VA is adequately addressing the current incident or working to better safeguard private information in the future.”

According to the senators, the officials from VA’s Office of Information and Technology who briefed them said the data breach was the responsibility of the department’s Financial Services Center.

“This most recent data breach is unacceptable,” senators wrote. “It also exposes the fact that VA has not taken the necessary steps to ensure oversight, accountability and security of the vast financial, health, and other personal data it collects and processes to perform its critical services for America’s veterans. Incidents such as these impact individual veteran’s lives as well as those who partner with VA to provide services to them. It is imperative VA take aggressive and decisive action to address this current incident and lay out a strategy to prevent such problems from arising in the future.”

In a lengthy list of questions for the department, senators pointed to a 2019 GAO report, which offered four recommendations for VA’s cybersecurity and enterprise risk management programs.

Specifically, GAO recommended VA establish a requirement and process for conducting an organization-wide cybersecurity risk assessment. VA told GAO last summer it would have those plans in place by June 2020.

“The department has made steady progress in improving cybersecurity by taking numerous actions to bolster VA’s security posture, including revising policies, adding additional monitoring capabilities and improving workforce incorporation of cybersecurity and privacy habits,” Noel, the VA spokeswoman, said.

VA is currently knee-deep in several IT modernization projects, including a decade-long effort to adopt a new, commercial electronic health record and achieve interoperability with the Pentagon. The department has spent much of the pandemic rapidly expanding its telework and telehealth capacity and adding new digital tools for veterans to more easily connect with VA.

On Wednesday, it described the latest project: an overhaul to the IT systems the Veterans Benefits Administration uses to process education and housing claims under the GI bill.
=================================================================
It would be a real shame if "the department's vast trove of data" was stolen by bad actors. Wave shows on its website that Wave VSC 2.0 and Wave ERAS can keep the bad guys' (unknown and unapproved) devices from accessing organizations' networks and thus from getting data. The VA could really use Wave solutions!!! If someone like Bill Solms or Bill Solms could show the VA the way, a potential tragedy could be avoided!!!
=================================================================
https://www.wavesys.com/buzz/pr/wave-systems-announces-first-us-federal-government-customer-wave-virtual-smart-card-2.0

Wave Systems Announces First U.S. Federal Government Customer for Wave Virtual Smart Card 2.0

Lee, MA - October 2, 2014 - Wave Systems Corp. (NASDAQ: WAVX) marked an important sales milestone by announcing the first U.S. federal government customer for its Virtual Smart Card 2.0.

Since the Virtual Smart Card 2.0 became commercially available in late July 2014, Wave has entered into dozens of pilot deployments in multiple sectors, including healthcare, financial services, automotive, energy and utilities. However, today’s announcement marks the product’s first sale in the government sector.

“This is an important milestone for Wave,” said Bill Solms, CEO of Wave. “Wave Virtual Smart Card 2.0 has been purchased by a government agency with significant security requirements and one that requires redundant means of system authentication due to national security interests. This initial sale is modest compared to the addressable market within the Federal Government sector, but it is important to our strategy for marketing the Virtual Smart Card to address critical government infrastructure defense.”

“We believe that this sale, which was completed on a shorter sales cycle than we had anticipated, supports our view that customers are interested in the type of cyber security solution that Wave’s Virtual Smart Card 2.0 provides,” Solms added.

Wave Virtual Smart Card 2.0 is the industry’s only enterprise-grade virtual smart card management solution that works on Windows 7. It also supports Windows 8 and 8.1. Wave’s new solution emulates the functionality of physical smart cards or tokens, but offers greater convenience to users, lower total cost of ownership, and a reduced risk of unauthorized use.

Wave Virtual Smart Card 2.0 gives IT the ability to:
• Remotely create and delete virtual smart cards
• Provide help desk-assisted recovery
• Configure PIN and card policies
• View the status of virtual smart cards and enrolled certificates
• Generate reports for compliance
• Support virtual smart cards on laptops, tablets and desktops with TPM 1.2 or TPM 2.0

BETTER SECURITY AT LESS THAN HALF THE COST!!!
==================================================================
https://www.wavesys.com/

https://www.wavesys.com/contact-information