The Department of Veterans Affairs (VA) Office of Inspector General (OIG) blamed the VA for failing to control outside contractor access to secure files. Failed oversight of the VA’s cybersecurity protocols granted a private contractor improper access to electronic health records (EHRs), possibly affecting veterans’ disability claims.
The OIG’s report was filed July 27 and detailed the extent of the contractor’s entry into the VA’s system. The contractor was able to access the portion of the VA’s IT system veterans use to:
- refill prescriptions over the telephone;
- schedule appointments;
- review balances due; and
- check lab results.
During their inspection, auditors found some “corporate officers” utilized other employee’s user accounts to unlawfully access the VA network. According to the contractor, that was done in order to “conduct maintenance and monitor contractor systems.” This is not the fist time the VA has failed to control its security protocols.
That explanation was not readily accepted by the OIG, as their investigation revealed “sensitive VA data” on unencrypted memory devices in the contractor’s offices. Contractors have their own system within the VA medical facilities, and those systems are not always firewall protected. Vendor systems usually contain unsupported software, which leaves their system with inadequate protection against viruses and malware.
The VA clearly failed to perform “effective oversight of contractor practices,” according to the OIG report. That failure means contractors are not meeting VA security standards at medical facilities and vendor locations.
If you are a disabled veteran who has been denied disability compensation or have not yet applied for benefits from the VA, a South Florida disability attorney from Veterans Help Group is ready to help. To learn if you are entitled to certain programs and benefits contact our veterans disability rights firm today – 1-855-855-8992.