General Discussion
In reply to the discussion: Can We "Privatize" the VA Without Jeopardizing National Security? [View all]Lee-Lee
(6,324 posts)He deals with both classified and unclassified systems.
He first reiterated like I said that there is zero reason why any classified information should ever be disclosed to a health care provider like that, and in the case that it ever was there is zero reason why it should be put on unclassified systems.
But playing devils advocate he said if anything information that ends up on VA servers is probably more at risk to compromise. He based this on several things. First is how ancient and badly run the VA computer system is. Second is that it is a one single large system, so it is an obvious target that once comprised would compromise all the data in it. So breach one system and you have access to every vets records. That makes it a lucrative target.
He said in contrast the same vets going to a wide range of private providers would have their data on a wide variety of systems that are for the most part better secured because the private health care industry faces stiff penalties for compromising private data, and to try and compromise data would require either targeting a specific person by finding their provider, hacking them and hoping that classified data was negligently on that system, and repeating that hundreds of thousands of times on different systems.
So VA systems are likely less secure, and a more lucrative target to hack because of how much data is on the one big system.