(LibertySons.org) – Several of President Joe Biden’s nominees have faced stiff questioning during Senate confirmation hearings, and more than one job candidate has had to withdraw from consideration. While the president recently submitted a candidate whose confirmation would hold historic significance as the first woman or person of color to hold the position, a whistleblower accused that nominee of failing to respond to significant data security gaps, essentially keeping a data breach secret.
In April, Biden nominated the current Veteran Affairs chief of staff, Tanya Bradsher, to become the deputy secretary for Veteran Affairs (VA). Yet, even before her nomination, questions followed her and the VA regarding their handling of sensitive data related to the VA’s Integrated Workflow Solution (VIEWS) program and the Salesforce platform on which the program exists.
Two watchdog organizations, Empower Oversight and Whistleblowers of America (WOA), joined now-retired VA Program Manager Peter Rizzo in sending a letter to the Senate Veterans Affairs Committee on May 29, asking them to pause Bradsher’s confirmation process pending a full report from the US Office of Special Counsel. Rizzo contacted Bradsher’s deputy chief of staff, Maureen Elias, in July 2022 after finding that the VIEWS system revealed personal identifiable information (PII) and protected health information (PHI) about VA whistleblowers who had lodged complaints about the VA with congress members or congressional committees. Any VIEWS users could access the information regardless of their need or authorization for the sensitive information.
Empower Oversight and WOA suggested the VA’s use of the Salesforce platform to host the VIEWS program caused the underlying security issue. Rizzo also revealed another security risk associated with the platform allowing VIEWS users to access the program without logging in again after their initial log-in, putting user accounts at risk of compromise.
In August 2022, the OSC found “a substantial likelihood of wrongdoing” on the VA’s part and ordered Bradsher and the VA to investigate and supply a report within 60 days. Yet, Rizzo reported the agency had applied for extensions every 60 days since that ruling, effectively ignoring whistleblower data breach concerns.
In her new position, Bradsher would become responsible for maintaining and improving the electronic healthcare program and all the sensitive data that entails.
~Here’s to Our Liberty!
Copyright 2023, LibertySons.org
