Government & Policy

OIG blasts VA over IT security controls, calls standards weak, unsafe

This is not the first time the agency was criticized for its security vulnerabilities: OIG Deputy Assistant Inspector General said the issues have been consistent since 2000.
By Jessica Davis
May 25, 2017
12:10 PM

The Office of the Inspector General this week scolded the U.S. Department of Veterans Affairs over its IT security controls during a House Committee on Veterans Affairs’ Financial Management hearing on Wednesday.

OIG found weaknesses in configuration management, access controls, security management and contingency planning. Specifically, officials found VA had untimely patching of security vulnerability mitigation and inconsistent enforcement of password standards.

[Also: VA taps DSS for mobile patient scheduling tool]

“This is a repeat finding that our contract auditors have reported since Fiscal Year 2000,” OIG Deputy Assistant Inspector General for Audits and Evaluations Nicholas Dahl said in his opening statement. “Without good information technology security controls, VA’s financial information may not be safe in terms of confidentiality, integrity and availability.”

This isn’t the first time the VA was scorned for its IT oversight. In March, the VA landed on the U.S. Government Accountability Office high-risk list again, for the third year in a row.

It was added to the list in 2015 for the first time due to GAO’s concerns with the “VA’s ability to ensure the timeliness, cost-effectiveness, quality and safety of the care provided to veterans,” GAO Director of Health Care Team Debra Draper said during a U.S. Senate Committee on Veterans’ Affairs meeting in March.

[Also: OIG stings Virginia for failing to secure Medicaid data]

“As I noted at the time of their high-risk designation in 2015, VA had more than 100 open GAO recommendations related to healthcare,” Draper said. “Seventy-four new recommendations have been added since then; currently, there are still more than 100 open recommendations. And about a quarter of these have been open for three to four years.”

During the same meeting, VA Inspector General Michael Missal condemned the VA’s “exceedingly slow pace of progress.”

VA Secretary Shulkin told the House Committee on Veterans Affairs during a Wednesday morning meeting that modernization is a top priority of the agency, which he believes will create a “highly integrated, high-performance system.”
 

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topics: 
Government & Policy

More regional news

A doctor in scrubs reviewing a patient's record on a digital tablet

$14M more for EMR implementation in Victoria and more briefs

By
Adam Ang
November 24, 2024
Clinician in scrubs at a hospital computer

CommonSpirit partners up with U of U for clinical collaboration

By
Andrea Fox
November 22, 2024
Stethoscope on an iPad

HIMSSCast: Care provider or tool? When and why patients like AI

By
Andrea Fox
November 22, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story
EHR tips on migrating an all-digital hospital to Epic

Most Read

ASTP intros 2024 draft Federal FHIR Action Plan
VA must strengthen controls addressing EHR performance
HHS investing $75 million in rural healthcare infrastructure
GPs cry My Health Record 'overhaul' and more briefs
FCC set to require georouting for 988 Lifeline calls, enhancing access to local services
Sens. Warner & Wyden seek healthcare cybersecurity mandates in new bill

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 2_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
Switching from Cerner to Epic? Meet a CIO who made it out alive
David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive

More Stories

Dr. Mehmet Oz
Trump picks Dr. Mehmet Oz to head CMS
Agency cybersecurity infosec illustrated by many colored streams harnessed by a lock
OIG again deems HHS' infosec program ineffective
Joanna Lucas, RN, of St. Luke's University Health Network
Case and referral management technology gets big results for St. Luke's
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
Northwestern Medicine
Northwestern Medicine announces international healthcare collaboration
BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve