Rep. Tony Gonzales
U.S. Rep. Tony Gonzales (R-TX) recently expressed concerns regarding details about a weakness in how the Veterans Information Systems and Technology Architecture (VistA) encrypts internal credentials.
“In an environment in which cyber-attackers are working to access sensitive and critical information, adequate resources and protection must be provided to any system that contains this information and ensure that those that served our country are protected,” Rep. Gonzales wrote in a Sept. 6 letter sent to U.S. Department of Veterans Affairs (VA) Assistant Secretary for Information and Technology and Chief Information Officer Kurt DelBene.
The congressman wrote that the VistA vulnerability was recently identified by a security researcher in healthcare information technology at the Defcon Security Conference, according to an Aug. 16 article in Wired magazine.
Such a breach, he wrote, “could compromise VistA and allow an attacker on a hospital’s network to impersonate a health care provider within it. Possible implications of such an attack include impersonators modifying patient records, submitting diagnoses, or prescribing medications.”
Rep. Gonzales also pointed to the ongoing delays in the rollout of the Cerner Electronic Health Records Management (EHRM) system, which involves the phasing out of VistA using a new medical records system. The EHRM rollout also has experienced issues with pilot deployments resulting in almost 150 cases in which patients could have potentially been harmed, according to his letter.
“Given these events and the importance of securing such crucial data, I request that the VA provide information about the steps that it plans to take to ensure VistA remains safe and secure while the EHRM rollout is implemented,” wrote Rep. Gonzales. “I believe that provider and patient safety is of the utmost priority and should not be compromised under any circumstance.”