Auditors, who began examining Tuscaloosa VA Medical Center in May, say they didn’t find any evidence to suggest that there was a plan in place to fix the issue after it was first identified by the department’s IT workers in 2015.
The medical center’s management told auditors they would put together a plan and target date to fix the vulnerability.
The report did not detail what the “high-risk vulnerability” was but named eight recommendations for the center to fix the security deficiencies, some of which include implementing a more effective vulnerability management program to address security deficiencies and ensuring vulnerabilities are remediated within established time frames.
