GAO: VA needs to up its game with cybersecurity training

Echoing previous calls for federal agencies to improve their cyber incident response practices, a new Government Accountability Office report calls for consistent role-based training. Of the six agencies studied, only Veterans Affairs did not address that issue at all, according to the report.

It looks at the preparedness of six agencies--the VA, Energy, Justice, Housing and Urban Development, Transportation, and NASA--and the assistance provided them by the Department of Homeland Security and the U.S. Computer Emergency Readiness Team (US-CERT).

Though the agencies had developed some aspects of an incident response plan, their policies, procedures and plans were not comprehensive or fully consistent with federal requirements, according to the report.

The VA had only partially defined roles, responsibilities and levels of authority for incident response teams. It had not established performance measures or tested its incidence-response plan.

"If staff do not receive training on their incident response roles, they may not have the knowledge or skills to ensure they are prepared to effectively respond to cyber incidents affecting their agency," the report states.

A previous GAO report warned that the VA is vulnerable to cyber attacks. Yet another report dinged the VA and Centers for Medicare & Medicaid Services for failing to consistently document both an assigned risk level and how that level was determined for breach incidents involving personally identifiable information.

The White House recently announced, however, that Health and Human Services' cybersecurity regulations are sufficient for the task, letting that agency off the hook for adding more.

Meanwhile, a recent White House report warned that more privacy protections may be needed for PII in the electronic age.

To learn more:
- find the report (.pdf)

Suggested Articles

COVID-19 has dramatically accelerated the adoption of digital health, and a new analysis from Deloitte finds that trend extends similarly to MA.

The massive financial fallout from the COVID-19 pandemic is a "clarion call" for healthcare providers to shift to new payment models, one CEO said.

Mann-Grandstaff VA Medical Center in Spokane, Washington went live with a new Cerner EHR system this weekend, VA's first site for the EHR project.