Government & Policy

OIG blasts VA over IT security controls, calls standards weak, unsafe

This is not the first time the agency was criticized for its security vulnerabilities: OIG Deputy Assistant Inspector General said the issues have been consistent since 2000.
By Jessica Davis
May 25, 2017
12:10 PM

The Office of the Inspector General this week scolded the U.S. Department of Veterans Affairs over its IT security controls during a House Committee on Veterans Affairs’ Financial Management hearing on Wednesday.

OIG found weaknesses in configuration management, access controls, security management and contingency planning. Specifically, officials found VA had untimely patching of security vulnerability mitigation and inconsistent enforcement of password standards.

[Also: VA taps DSS for mobile patient scheduling tool]

“This is a repeat finding that our contract auditors have reported since Fiscal Year 2000,” OIG Deputy Assistant Inspector General for Audits and Evaluations Nicholas Dahl said in his opening statement. “Without good information technology security controls, VA’s financial information may not be safe in terms of confidentiality, integrity and availability.”

This isn’t the first time the VA was scorned for its IT oversight. In March, the VA landed on the U.S. Government Accountability Office high-risk list again, for the third year in a row.

It was added to the list in 2015 for the first time due to GAO’s concerns with the “VA’s ability to ensure the timeliness, cost-effectiveness, quality and safety of the care provided to veterans,” GAO Director of Health Care Team Debra Draper said during a U.S. Senate Committee on Veterans’ Affairs meeting in March.

[Also: OIG stings Virginia for failing to secure Medicaid data]

“As I noted at the time of their high-risk designation in 2015, VA had more than 100 open GAO recommendations related to healthcare,” Draper said. “Seventy-four new recommendations have been added since then; currently, there are still more than 100 open recommendations. And about a quarter of these have been open for three to four years.”

During the same meeting, VA Inspector General Michael Missal condemned the VA’s “exceedingly slow pace of progress.”

VA Secretary Shulkin told the House Committee on Veterans Affairs during a Wednesday morning meeting that modernization is a top priority of the agency, which he believes will create a “highly integrated, high-performance system.”
 

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topics: 
Government & Policy

More regional news

Chris Harle, CIO of Regentrief Institute

Regenstrief Institute appoints a new chief information officer

By
Mike Miliard
November 08, 2024
Stethoscope resting on tablet

HIMSSCast: Digital tools can leverage SDOH data and improve outcomes

By
Andrea Fox
November 08, 2024
Dr. Tim O'Connell of emtelligent on AI

Safe and equitable AI needs guardrails, from legislation and humans in the loop

By
Bill Siwicki
November 07, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

User authenticates laptop access on a mobile phone with required MFA
Google sets mandatory MFA deadline for all cloud accounts

Most Read

Will telemedicine stagnate without regulatory reform?
Australia to launch virtual nursing for aged care
India upgrades national doctors database
Telehealth groups urge feds to extend virtual prescribing flexibilities
NUH AI interprets spinal stenosis in '47 seconds' and more AI briefs
The Light Collective amplifies its call for patient data rights

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Adam Hutchinson at oVRcome_Images courtesy of oVRcome
How VR exposure therapy is helping patients overcome their phobias
Greg Garcia at Cybersecurity Working Group_Healthacre Cybersecurity Forum 2024
Cyberattacks are now at epidemic proportions
Everett Wilson at Polsinelli Law Firm_Wood blocks with healthcare icons Photo by pcess609/iStock/Getty Images Plus
Changes to Medicare Advantage are unsustainable
Svava María Atladóttir at Landspítali National University Hospital_HIMSS24 Europe
Clinicians can help design digital experiences that support patients and staff

More Stories

Building of the Royal Adelaide Hospital
Royal Adelaide Hospital digitises cancer therapy...
Svava María Atladóttir at Landspítali National University Hospital_HIMSS24 Europe
Clinicians can help design digital experiences that support patients and staff
Franklin Square Medical Center
MedStar extends acute care at home to Baltimore
Andy Sajous of Ahead on AI
Why won't this expert's clients sign onto AI projects for more than 12 months at a time?
Abstract of lines connected in a mesh over a map of the U.S.
Epic APIs move to USCDI v3
Eric Liederman at CybersolutionsMD_Healthcare Cybersecurity Forum 2024
Improve cyberdefense through collaborative decisions
Chris Baird of OptConnect on RPM
How IoT is transforming remote patient monitoring
Cybersecurity experts John Riggi and Richard Staynings speak at the HIMSS Healthcare Cybersecurity Forum.
Majority of cyberattacks are through third-party vendors