St. Cloud (Minn.) VA Medical Center had multiple deficiencies in its information security systems, some of which include outdated operating systems and missing security patches, a June 8 report from the Department of Veterans Affairs' inspector general found.
VA's Office of Inspector General found that the St. Cloud medical center did not meet federal information security guidelines in the following categories: configuration management, contingency planning and access controls.
The medical center only met requirements in the category of security management controls, according to the report.
Some of the other issues the inspector general found at the facility were missing security patches for several devices, no accurate inventory of St. Cloud's IT assets and no video surveillance in its data center.
The inspector general made several recommendations to the facility, some of which include having St. Cloud implement better processes for vulnerability management, logging inventory of network devices and preventing its use of prohibited software.