Northern Arizona VA Health Care System was discovered by the Department of Veterans Affairs' Office of Inspector General
to have previously unknown critical flaws and uninstalled security fixes, as well as outdated network operating systems, which could "deprive users of reliable access to information and could risk unauthorized access to, or the alteration or destruction of, critical systems," FedScoop
Aside from having nearly two times more devices on its network than what had been listed in its inventory, the healthcare system also had weak access controls, including the absence of video surveillance at a data center, according to the OIG report. Six recommendations to bolster the health system's security controls have been given by the report to the VA chief information officer, all of which have been concurred by VA management.
Meanwhile, the Northern Arizona VA Health Care System director has been offered five recommendations on enhancing the health system's security.