COLUMBIA, 8/9/11  (Beat Byte) --  For the second time in little more than a year, Columbia's Veterans Administration (VA) hospital is in hot water with the VA inspector general (IG).  Cybersecurity is lacking at the hospital, claims a July 27 report from IG auditors acting on a tip that a private contractor gained unauthorized access to VA computer networks and veterans' health information. 

The original complaint, from a VA hotline, alleged that unauthorized contractor access also occurred at VA medical centers in Kansas City, Mo., Huntington, W. Va., and Wilmington, Del.   A VA contractor since 1992, but not named in the report, the vendor accessed a system that fills prescriptions, logs appointments, and manages confidential electronic health records. 
"We substantiated the allegation of unauthorized access to VA systems and networks," VA auditors wrote.  "We found that certain corporate officers improperly used other employees' Virtual Private Network user accounts to gain unauthorized access to VA systems and networks."
IG auditors found sensitive patient data stored on unencrypted hard drives at the contractor's office; failure to use firewall protections; inadequate anti-virus and malware protection; and unauthorized sharing of user accounts. 
The VA's Office of Information and Technology concurred with the 19-page report, which included several remedial recommendations. 

Subscribe to Our Newsletter

The Columbia HeartBeat