Members press VA on employee access and veteran-data protections after cybersecurity incidents

During the subcommittee hearing, several members requested clarity about VA employee access to AI datasets and whether veteran data had been copied or removed. Representative Basinski named six employees — "Justin Fulcher, Sahil Lavinia, Christopher Russo's, Peyton Raelings, Carrie Volpert, or John Covel" — and asked whether they had worked with VA AI datasets. Charles Worthington responded that he "'has come across several of them'" but said he was not "exactly clear on the relationship" and believed they were VA employees. When asked if those employees had accessed datasets containing VA patient medical records, Worthington said, "I am not aware." On whether veterans' data were removed from the VA, Worthington said, "As far as I understand, all the VA employees follow all the VA IT security processes and procedures," but he did not confirm that no data had been removed and offered to follow up. GAO's Carol Harris reminded the committee that VA had experienced multiple cybersecurity incidents since the previous hearing and that some breaches had implicated veterans' data, including incidents involving contractors; she recommended more privacy officers and stronger adherence to key practices. Members requested more transparency and a written response to an earlier letter seeking detail on those employees' access. No formal adjudication or vote occurred at the hearing; lawmakers asked VA to provide additional documentation and to answer pending requests about employee access and data handling.