Federal Reports

For our evaluation of the U.S. Census Bureau's (the Bureau's) cybersecurity posture, our objective was to determine the effectiveness of the Bureau’scybersecurity posture against a simulated real-world attack. To do this, we conducted a covertcyber red team with six goals tailored to relevant risks. We found that the red team was able to gain unauthorized and undetected access to a Bureaudomain administrator account as well as personally identifiable information of Bureauemployees; reduce the Bureau’s defensive options; use insecure programs to send fake emails; and carry out severalmalicious actions that identified 11 security weaknesses.

Semiannual Report to Congress: April 1, 2022, through September 30, 2022

To see our report, click on the link below

This Office of Inspector General Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the inpatient and outpatient care provided at the Mountain Home VA Healthcare System, which includes the James H. Quillen VA Medical Center and multiple outpatient clinics in Tennessee and Virginia.This evaluation focused on five key areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (emergency department and urgent care center suicide prevention initiatives)At the time of the inspection, the system’s executive leaders had worked together for over three years. The healthcare system’s fiscal year 2021 annual medical care budget increased over 9 percent compared to the previous year’s budget. The System Director reported using the additional funds to support staffing increases and to expand inpatient capacity and outpatient services.The OIG reviewed employee satisfaction survey results and concluded that the System Director had an opportunity to improve staff’s perceived ability to disclose suspected violations without fear of reprisal. Inpatient and outpatient experience survey scores reflected higher care ratings than the VHA averages, but trended downward in primary care from fiscal years 2019 through 2021. The OIG reviewed accreditation findings and did not identify any substantial organizational risk factors. However, the OIG noted concerns with system leaders identifying sentinel events and issued one related recommendation for improvement.

VA OIG attorney-advisors conducted two related internal investigations following allegations that a then special agent in charge in the Office of Investigations engaged in inappropriate conduct or sexual harassment that his superiors ignored and that contributed to a hostile work environment. OIG disciplinary officials determined the special agent in charge engaged in “conduct unbecoming” and should be removed from federal service. The special agent in charge retired during the 30-day advance notice period that is required before completing a removal action. The evidence did not support a charge of sexual harassment, failure to act by senior leaders, or a hostile work environment. To enhance future reporting and a safe workplace, the OIG implemented and updated directives on romantic relationships involving coworkers and sexual misconduct in addition to other responsive actions.The OIG publishes summaries of internal investigations of alleged senior personnel misconduct to promote transparency and accountability. Summary information released is consistent with applicable privacy laws and regulations.

If water systems do not complete risk and resilience assessments or emergency response plans, they are more vulnerable to cyberattacks and other malevolent acts. The 19 percent of water systems that did not certify completion of these assessments and plans serve 40 million people.