The Department of Veterans Affairs suspended the use of the Yammer social sharing platform after a scathing Inspector General report found mass violations of VA security policy that may have put veterans’ personal information at risk.
In an email sent to all VA employees Thursday, VA officials said use of Yammer has been susepended effecitive immediately.
“In order to provide undisputable security to its environment, VA determined it must take action to remediate these identified problems and further secure Yammer,” stated the email, obtained by MeriTalk. “Effective immediately, all access to Yammer is suspended. Postings, data, and files previously shared through Yammer will no longer be accessible. VA is evaluating whether or not Yammer has a place within the VA technology environment, and further updates will be made as that decision is finalized. We encourage all users to explore VA Pulse as a viable alternative.”
The decision comes just two weeks after VA’s inspector general released the results of an investigation into the use of Yammer, in which investigators concluded that as many as 50,000 VA employees took part in the unauthorized internal social network and may have compromised VA data as far back as 2008.
In a heavily-redacted 21-page report, released Aug. 20 in response to a Freedom of Information Act request by MeriTalk, the VA’s IG said tens of thousands of VA employees had registered for and used Yammer “even though it was not authorized for use, or monitored, it quickly became widely used by VA employees, without ever going through the appropriate approval process.”
Meanwhile, VA’s new Chief Information Officer, LaVerne Council, weighed in on the Yammer report in an email Wed. to all Office of Information and Technology (OI&T) employees. According to Council, the lack of accountability for Yammer ranks at the top of the issues she has been dealing with during the last two weeks, including what appears to be an unwillingness by OI&T employees to participate in VA’s All-Employee Survey.
“Team, I can’t emphasize enough: Yammer is Yammer. It’s social. It’s a tool for us to get to know each other across distances,” Council wrote in an email obtained exclusively by MeriTalk. “However, just like the break room at work, social media becomes an issue when we’re not taking ownership. If we’re missing deadlines, if we’re risking VA information, or if we’re being careless with our words and actions, you can bet that those tools – whether the break room or its virtual counterparts – will be called into question.”
In the same email in which she addressed the Yammer controversy, Council also revealed frustration with the lack of participation by OI&T employees in the VA’s agencywide employee survey.
“A few weeks ago, I asked you to make our team a model of VA participation. Right now, we have among the lowest response rates in VA,” Council said. “This isn’t about discipline – the survey is anonymous. I don’t know who’s taken it and who hasn’t. This is about making ourselves accountable to improving our own environment. It’s about speaking up, taking ownership of providing real, honest feedback, and making VA a better place for you and your colleagues to work, which will make it a better place for our Veterans to receive care,” she said.
“Remember, ‘Innovation’ is right in our strategic tenets, along with Transparency, Accountability, and Teamwork,” she wrote. “But we can’t build an environment of innovation without first taking accountability for our current environment as well as our plan to transform it.”
VA Chief of Staff, Robert L. Nabors, said in a response to the IG investigation that the agency will decide by Oct. 1 on what, if any, disciplinary actions it will take against personnel.