VA OIG Audit Uncovers Vulnerability Management Weaknesses

Agency Details Security Review Findings in an Arizona VA Healthcare System


… Some experts say the OIG’s audit highlights important security risk management issues not only at the VA but also in the healthcare sector overall. “The report rightly called out configuration management and security management,” said Wendell Bobst, senior security consultant at tw-Security.

“There are too many devices to patch individually and computer management software should be installed on each ‘regular’ computer to track the pending patches, and if reboots have occurred,” he said.

“Where the VA likely failed was the lack of network segmentation to isolate the devices that don’t support the computer management software – for example, radiology modalities – or regular patching,” he said. This type of isolation would contain most malicious software in time for IT to address an issue, he added.


