Northern Arizona VA Healthcare System Faces Cybersecurity Audit

Cybersecurity is more complex than it seems at first.

By Jeff Wardon, Jr., Assistant Editor


Given the recent influxes of cyberattacks, cybersecurity has risen to the forefront as a major issue for healthcare facilities. These attacks can be costly, even well beyond their intended targets. Cybersecurity is key to preventing these attacks, however, there is much more to prevention than one might think.  

Many think that a cybersecurity program is just some antivirus software. While that is partially true, there are more moving parts and components to the operation. This was brought to light in a recent audit by the US Department of Veterans Affairs Office of Inspector General (OIG) conducted on the information security at the Northern Arizona VA Healthcare System.   

The OIG found deficiencies in all three areas it uses to inspect cybersecurity: configuration management, security management and access control. 

According to the audit, the areas are defined as: 

  • Configuration management is identifying and managing security features for all hardware and software components of an information system. 
  • Security management sets forth a framework and cycle of activity for assessing risk, developing and implementing effective security measures, and monitoring how well these procedures work. 
  • Access controls refer to the proper restriction of sensitive computer resources to authorized individuals only. Both physical and environmental controls count in this. 

Concerning configuration management, the OIG found four controls to be deficient: vulnerability management, flaw remediation, unsupported components and baseline configurations. Essentially, the VA's vulnerability management program has flaws that must be addressed, such as improving patch management, addressing unsupported systems and ensuring proper baseline configurations for critical infrastructure and databases. 

The OIG only found that one security management control was deficient and in need ofcontinuous monitoring of the inventory. The inspection team found that there was almost twice the number of devices in the network versus the number identified in the VA’s cybersecurity management service, eMASS. According to the inspection team, the VA was aware of how many devices it had but failed to update the number in eMASS.  

Lastly, the inspection team found seven access controls had deficiencies in the following control areas: 

  • Physical access 
  • Video surveillance  
  • Environmental controls 
  • Equipment installation 
  • Emergency power 
  • Fire protection controls 
  • Water detection 

All these controls prove vital to the VA’s information systems and infrastructure working properly, so naturally any weaknesses they have must be addressed.  

While this is one example of a health system’s cybersecurity shortcomings, it need not be taken lightly. Healthcare facilities face a great challenge currently with cybersecurity, as many find themselves plagued by a seemingly endless onslaught of cyberattacks. 

There are many different factors and aspects to cybersecurity. If they were to fail, it could leave a healthcare facility’s information system wide open for exploitation. Maintaining information systems takes a holistic approach, as every part plays a crucial role in preventing attacks and exploits. 

Jeff Wardon, Jr. Is the assistant editor for the facilities market. 



July 26, 2023


Topic Area: Information Technology , Security


Recent Posts

Site Selection Mistakes: What Not To Do

Healthcare providers that treat site selection as a strategic decision, not a simple real estate deal, will be positioned for long-term success.


High-Performance EFCO Systems Shape MUSC's New Black River Medical Center

Case study: A sweeping curved-glass entrance, impact-resistant envelope and energy-efficient fenestration support a sustainable, resilient design for one of South Carolina’s newest rural hospitals.


Heritage Valley Health System to Officially Affiliate with Alleghany Health Network

With the affiliation now complete, Heritage Valley Beaver and Heritage Valley Sewickley will be rebranded.


The Impact of Acoustics on Patient Privacy

As healthcare facilities evolve toward more open and flexible care environments, acoustic privacy has become essential.


Texas Behavioral Health Center in Dallas Opens with Ribon-Cutting Ceremony

The 456,265-square-foot facility offers a variety of therapeutic, recreational and social spaces that prepare patients for life outside the hospital.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.