Congressman Gonzales Sends Letter to the VA Concerning Cybersecurity Weakness in Healthcare System

I sent a letter to U.S. Department of Veterans Affairs (VA) Assistant Secretary for Information and Technology and Chief Information Officer Kurt Delbene expressing concern over a recent report regarding a security vulnerability in the Veterans Information Systems and Technology Architecture (VistA) and the departments’ plans in implementing its Electronic Health Record Modernization System (EHRM) amid this vulnerability.

This vulnerability, which was recently identified by a security researcher in health care information technology at the Defcon Security Conference, could compromise VistA and allow an attacker on a hospital’s network to impersonate a health care provider within it. Possible implications of such an attack include impersonators modifying patient records, submitting diagnoses, or prescribing medications.

In an environment in which cyber-attackers are working to access sensitive and critical information, adequate resources and protection must be provided to any system that contains this information and ensure that those that served our country are protected.

Given these events and the importance of securing such crucial data, I request the VA provide information about the steps it plans to take to ensure VistA remains safe and secure while the Electronic Health Record Modernization (EHRM) rollout is implemented.

Read the full text of the letter here.