VA Health / My HealtheVet — Department of Veterans Affairs

⚠️ The bottom line

26.5 million veterans — virtually every living person who served in the US military — had their Social Security numbers exposed when a VA employee took a laptop home and it was stolen. That was 2006. By 2020, another breach hit 46,000 more. The GAO has rated VA information security "high-risk" for a decade. The people who served their country cannot get their country to secure their data. A veteran with facial injuries from an IED — required to use facial recognition to access their disability benefits. A veteran with PTSD — required to do a video selfie to check their own health records. The VA chose a private company's biometric system over the dignity of the people it exists to serve.

Legal jurisdiction

🇺🇸 United States (headquarters)

⚠CLOUD Act read more →

US govt can demand your data from this company even if stored overseas

⚠FISA §702 / PRISM read more →

NSA collects stored emails, photos, messages without individual warrants

●Geofence warrants read more →

Police can demand location data for everyone near a crime scene

Spying

2/4 MODERATE

Is someone spying on me?

Data Sharing

0/4 N/A

Who gets my data?

Security

3/4 HIGH

Is it actually secure?

Honesty

2/4 MODERATE

Can I trust what they say?

3Contradictions

1Critical

2High

0Medium

3Sources

Findings by concern

Spying 2/4 MODERATE 1 finding

⚡ highmarketing vs regulatory

A veteran with facial injuries from an IED — required to use facial recognition to access their disability benefits. A veteran with PTSD — required to do a video selfie to check their own health records. The VA chose a private company's biometric system over the dignity of the people it exists to serve.

What they claim: VA promotes digital access to health records and benefits as convenient for veterans

What we found: The VA required ID.me facial recognition for online access to health records and benefits. Elderly and disabled veterans — including those with service-related facial injuries or PTSD that made video selfies distressing — were forced to use facial recognition or lose online access to their own health records and disability payments.

Security 3/4 HIGH 1 finding

⚠️ criticalmarketing vs third party research

What they claim: VA claims to protect veteran health and personal data with enterprise-grade security

What we found: The VA has experienced repeated data breaches exposing veteran records. In 2006, a laptop stolen from a VA employee's home exposed 26.5 million veterans' records including Social Security numbers. In 2020, the VA disclosed a breach affecting 46,000 veterans' financial information. The GAO has listed VA information security as a "high-risk" area since 2015.

Honesty 2/4 MODERATE 1 finding

⚡ highmarketing vs third party research

The VA spent $16 billion on a new health records system. Prescriptions vanished. Dangerous drug interactions went unflagged. Congress had to pause the rollout after patient safety reports. Veterans who survived combat now navigate a health system that can't reliably track their medications.

What they claim: VA promotes seamless digital health experience through My HealtheVet modernization

What we found: The VA's $16 billion EHR modernization project (Oracle Cerner) has been plagued by delays, cost overruns, and patient safety incidents. At initial deployment sites, pharmacists reported prescriptions vanishing from the system, and the VA OIG documented cases where the new system failed to flag dangerous drug interactions. Congress paused the rollout after patient safety reports.

Sources

GAO: VA information security remains high-risk (2021-05-01)
VA drops plan to require facial recognition(link unavailable) (2022-02-08)
GAO: VA Electronic Health Record Modernization challenges (2023-09-01)