Watchdog Identifies Multiple Security Deficiencies at VA Medical Center in Louisiana – By Edward Graham (Nextgov) / Sept 26, 2022
The VA’s Office of Inspector General found “critical and high-risk vulnerabilities on 37% of the devices” at the Louisiana-based medical center.
An audit conducted by the Department of Veterans Affairs’ Office of Inspector General identified multiple deficiencies in the information technology systems at the Alexandria VA Medical Center in Pineville, Louisiana, including uninstalled security patches and outdated operating systems that could place “critical systems at unnecessary risk of unauthorized access, alteration or destruction.”
OIG conducted the IT security assessment to determine whether Alexandria was meeting federal guidelines under the Federal Information Security Modernization Act of 2014—also known as FISMA—which requires federal agencies to implement information security programs. Alexandria, which has an active patient roster of over 37,000, was selected for an audit because it had not been previously assessed as part of the annual FISMA review.
The audit, released on Sept. 22, highlighted deficiencies in three of the four security control areas at Alexandria, including with configuration management, security management and access controls. The assessment did not identify any issues with the center’s contingency planning controls.
