The Minneapolis, Minn., VA Medical Center, part of the U.S. Department of Veterans Affairs. Photo by Ken Wolter/Shutterstock
WASHINGTON, May 5 (UPI) -- The U.S. Department of Veterans Affairs blocked more than a billion cyber threats against its systems in March, according to a report.
VA Chief Information Officer Stephen Warren told reporters the number was a significant surge over February.
In March the department blocked 1.19 billion malware instances and 358 million intrusion attempts into its systems, a large increase from the month prior, when it blocked 930 million malware instances and 4.3 million intrusion attempts, Warren said.
The surge comes little over a year after the release of a report by the VA's Office of Information & Technology Risk Management Team, which concluded it was "practically unavoidable that a data breach to financial, medical, and personal veteran and employee protected information may occur within the next 12 to 18 months, with no way of tracking the source of the breach."
At the time, there had been at least eight breaches of the agency's network since March 2010, including in January 2014 when it sustained a "software defect" on its eBenefits website and released personal details for more than 5,000 people, and in 2012, when it mistakenly released data to the website Ancestry.com.
A November 2014 report by the U.S. Government Accountability Office stated that while VA had "taken actions to mitigate previously identified vulnerabilities, it has not fully addressed these weaknesses."
VA holds personal records for about 20 million veterans, employees and dependents.
Warren said that if the recent spike continues to grow, the agency "may get overwhelmed." He suggested an expansion of VA's cyber-security budget as well as its overall operational budget to help the manage the influx. He said he has expressed the concern to the Office of Management and Budget.
Warren said his teams focus on the volume of threats rather than the motivations behind them. "It is across the board," he said. "There doesn't appear to be any disincentive for an individual or an organization ... to come after the VA as well as other organizations for data."