Northern Arizona VA Healthcare System Faces Cybersecurity Audit

Cybersecurity is more complex than it seems at first.

By Jeff Wardon, Jr., Assistant Editor


Given the recent influxes of cyberattacks, cybersecurity has risen to the forefront as a major issue for healthcare facilities. These attacks can be costly, even well beyond their intended targets. Cybersecurity is key to preventing these attacks, however, there is much more to prevention than one might think.  

Many think that a cybersecurity program is just some antivirus software. While that is partially true, there are more moving parts and components to the operation. This was brought to light in a recent audit by the US Department of Veterans Affairs Office of Inspector General (OIG) conducted on the information security at the Northern Arizona VA Healthcare System.   

The OIG found deficiencies in all three areas it uses to inspect cybersecurity: configuration management, security management and access control. 

According to the audit, the areas are defined as: 

  • Configuration management is identifying and managing security features for all hardware and software components of an information system. 
  • Security management sets forth a framework and cycle of activity for assessing risk, developing and implementing effective security measures, and monitoring how well these procedures work. 
  • Access controls refer to the proper restriction of sensitive computer resources to authorized individuals only. Both physical and environmental controls count in this. 

Concerning configuration management, the OIG found four controls to be deficient: vulnerability management, flaw remediation, unsupported components and baseline configurations. Essentially, the VA's vulnerability management program has flaws that must be addressed, such as improving patch management, addressing unsupported systems and ensuring proper baseline configurations for critical infrastructure and databases. 

The OIG only found that one security management control was deficient and in need ofcontinuous monitoring of the inventory. The inspection team found that there was almost twice the number of devices in the network versus the number identified in the VA’s cybersecurity management service, eMASS. According to the inspection team, the VA was aware of how many devices it had but failed to update the number in eMASS.  

Lastly, the inspection team found seven access controls had deficiencies in the following control areas: 

  • Physical access 
  • Video surveillance  
  • Environmental controls 
  • Equipment installation 
  • Emergency power 
  • Fire protection controls 
  • Water detection 

All these controls prove vital to the VA’s information systems and infrastructure working properly, so naturally any weaknesses they have must be addressed.  

While this is one example of a health system’s cybersecurity shortcomings, it need not be taken lightly. Healthcare facilities face a great challenge currently with cybersecurity, as many find themselves plagued by a seemingly endless onslaught of cyberattacks. 

There are many different factors and aspects to cybersecurity. If they were to fail, it could leave a healthcare facility’s information system wide open for exploitation. Maintaining information systems takes a holistic approach, as every part plays a crucial role in preventing attacks and exploits. 

Jeff Wardon, Jr. Is the assistant editor for the facilities market. 



July 26, 2023


Topic Area: Information Technology , Security


Recent Posts

Waco Family Medicine Achieves Savings and Bold Design with Wood Selections

Case study: The healthcare facility incorporated over 25,000 square feet of wood and saved over $400,000.


Alleged Ransomware Administrator Extradited from South Korea

The Phobos ransomware has been used globally to target over 1,000 organizations, including healthcare.


Design Plans Unveiled for New Intermountain St. Vincent Regional Hospital

The new hospital will be a 14-floor, 737,000 square-foot facility in Billings, Montana.


Ground Broken on New Pediatric Health Campus in Dallas

The new campus will replace the existing Children’s Medical Center Dallas.


Pre-Construction Strategies for Successful Facilities Projects

Savvy decisions can help facilities meet long-term goals by creating consistency and eliminating waste.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.