Investigators at the Department of Veterans Affairs discovered that at least twelve VA employees improperly accessed the medical records of vice presidential candidates Sen. JD Vance (R-OH) and Minnesota Gov. Tim Walz.
The agency’s leadership has shared evidence of these actions with federal prosecutors and has informed the Trump/Vance and Harris/Walz campaigns about the situation.
VA Inspector General Michael Missal’s office has shared evidence to federal prosecutors on the actions of several employees in the health system, including a physician and a contractor who spent extended time looking at the candidates’ medical files, according to law enforcement officials, raising investigators’ concerns about their motives.
Like the others, the physician and contractor used their VA computers to get into the records, mostly from their government offices.
Investigators are trying to determine whether Walz or Vance’s health records have been shared as a result of the breach. The motives of those who looked at the information are under investigation, law enforcement officials said. Some employees told investigators that they were simply curious to see Walz and Vance’s medical records, as both nominees’ military service has faced scrutiny during the presidential campaign. They are the first veterans on both vice-presidential tickets since the 1996 campaign, when Democrat Al Gore and Republican Jack Kemp were running.
The VA employees did not gain access to any disability compensation records, which are held more securely than health records, officials said.
“Any attempt to improperly access Veteran records by VA personnel is unacceptable and will not be tolerated,” VA press secretary Terrence Haines told The Washington Post in an email.
Both vice presidential candidates are military veterans: Vance served four years in the Marine Corps, while Walz was in the National Guard for 24 years.
The breaches reportedly took place in July and August and were uncovered during a security audit of high-profile health accounts, according to The Post.
Missal’s office found that veterans’ health records are relatively easy to log into for VA physicians and other medical personnel in the health system of close to 400,000 employees serving more than 9 million registered veterans, a policy designed to ensure quick access for doctors inside and outside VA in an emergency. That contrasts with the benefits division, which distributes monthly disability compensation payments to more than 5 million veterans, and limits access to these records to a small number of employees, and fewer still for the records of high-profile figures, officials said.
Employees not facing criminal charges may still encounter disciplinary actions within the agency. Accessing someone’s health information without their knowledge or consent violates the Health Insurance Portability and Accountability Act (HIPAA).
Prosecutors are considering several factors, such as the duration of the file access and the intent behind it, before deciding on potential charges. The Post’s report indicated that these breaches are “common as the healthcare industry faces increasingly sophisticated cyberattacks.”
In the United States, cyberattacks against healthcare providers have surged by 53 percent over the past three years, with major data breaches increasing by 93 percent from 2020 to 2022.
We’ll keep you updated.
