VA OIG: Orlando VAMC failed to coordinate with Office of Information and Technology to secure Wi-Fi network

Jessica Kim Cohen - Print  | 

The Office of Inspector General at the U.S. Department of Veterans Affairs released a report Jan. 31 investigating alleged security and funding issues with a guest Wi-Fi network at the Orlando (Fla.) VA Medical Center.

Here are five things to know about the OIG's findings.

1. In March 2015, the OIG received a hotline complaint about the Orlando VAMC's development of its Veterans Services Adaptable Network, the medical center's guest Wi-Fi network. The complaint alleged the Orlando VAMC had not coordinated its development efforts with the VA Office of Information and Technology and that the project's funding had come from medical services appropriations, rather than an IT budget.

2. The OIG substantiated the complaint the medical center's VSAN development was not "fully coordinated" with the VA Office of Information and Technology to ensure it met various agency security requirements.

"The Orlando VAMC and [the VA Office of Information and Technology] did not perform a security risk assessment or implement security controls to segregate VSAN from VA's network," the report reads. "The VSAN deployment was not fully coordinated because local OI&T staff did not exercise effective oversight due to competing priorities and resources."

3. In its report, the OIG argued the VA Office of Information and Technology's lack of oversight posed "unnecessary risks to VA's networks that could have resulted in unauthorized access to other VA systems."

4. However, the OIG did not substantiate the claim the Orlando VAMC inappropriately used medical services appropriations funds. The VA Office of General Counsel reviewed Orlando VAMC's funding at various points throughout the VSAN deployment to determine appropriate use of medical services appropriation funds.

"The OIG accepts OGC's rationale supporting the use of medical appropriations for these procurements," the report reads.

5. To address any cybersecurity issues, the OIG recommended the executive in charge for the VA Office of the Under Secretary for Health and the executive in charge for the VA Office of Information and Technology work together to ensure guest Wi-Fi access networks are secured in accordance with VA policy.

To access the VA OIG's report, click here.

More articles on cybersecurity:
HHS OCR: 10 steps hospitals must take to avoid 'cyber extortion'
Survey: Americans trust healthcare industry with personal data more than government
OIG: Access, configuration security vulnerabilities at HHS

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.