#Middlebury #Veterans #OIG
VETERANS POST
by Freddy Groves
The Department of Veterans Affairs Office of Inspector General performed IT security inspections at two outpatient VA mail-order pharmacies to see if they were meeting federal security guidance. As mail pharmacies (preparing and dispensing outpatient refills of drugs), they rely heavily on IT.
The Texas facility computers were past their “sell by” dates, meaning they were no longer getting vendor updates and support. When it came to IT security, there were 22 critical vulnerabilities on 62 computers and 34 high-risk vulnerabilities on 328 computers.
Access controls were an eye-opener. The system was deficient in device lock (which prevents access to systems when users are away from their workstations), ID and authentication of users (knowing who is typing in what), multiple users sharing one high-level account, open computers with no one around in a warehouse, access logs that were overwritten (erased) in 20 minutes and not saved anywhere … and more. Inspectors even found 98 more computers onsite than the facility thought it had.
That Texas facility alone processed over 19 million prescriptions in one year, servicing VA medical sites in six states.
It didn’t even get parking security right. VA rules say there can’t be parking right next to a facility in case of a vehicle attack. The VA medical center police department had even issued a report about there being no physical barriers. When asked, facility managers told the OIG that parking wasn’t an IT issue.
At an Arizona facility, the OIG found a similar set of deficiencies: an inaccurate inventory list of computers, multiple vulnerabilities on hundreds of computers, missing software update patches, use of default (fresh out of the package) passwords for security camera systems, with half of the systems not generating audit logs.
That facility filled 24 million prescriptions in one year, servicing VA facilities in 12 states. At least the Arizona facility didn’t have vehicle barrier problems, with a hefty metal fence all around it – although a check of the facility on Google maps showed the gates swinging wide open.
© 2022 King Features Synd. Inc.
