Federal Reports

The VA Office of Inspector General (OIG) conducts information security inspections to assess whether VA facilities are meeting federal security requirements. They are typically conducted at selected facilities that have not been assessed in the sample for the annual audit required by the Federal Information Security Modernization Act of 2014 (FISMA) or at facilities that previously performed poorly. The OIG selected the St. Cloud VA Medical Center in Minnesota because it had not been previously visited as part of the annual FISMA audit.The OIG’s information security inspections focus on four security control areas that apply to local facilities and have been selected based on their levels of risk: configuration management, contingency planning, security management, and access controls. During this inspection, the OIG found deficiencies with configuration management, contingency planning, and access controls.Deficiencies in configuration management included critical-risk vulnerabilities that VA’s Office of Information and Technology did not identify, uninstalled patches, an inaccurate inventory, and unauthorized software, which deprive users of reliable information access and could risk unauthorized access to, or alteration or destruction of, critical systems. The team identified a contingency planning weakness concerning an untested emergency power shutoff in the data center. Weak access controls included missing logs and visitor access records, communication rooms with insufficient climate controls, and nonworking video surveillance in the data center. These deficiencies compromised the security and maintenance of the information system.The OIG made eight recommendations to the assistant secretary for information and technology and chief information officer to improve controls at the facility because they are related to enterprise-wide information security issues similar to those identified on previous FISMA audits and information security inspections. The OIG also made two recommendations to the St. Cloud VA Medical Center director.

This report examined GAO’s inventory control over certain IT assets that may process or store sensitive or classified information during the onset and height of the pandemic.

This OIG Comprehensive Healthcare Inspection Program report describes the results of a focused evaluation of the outpatient setting of the Manila VA Clinic in Pasay City, Philippines. This evaluation focused on five key operational areas:• Leadership and organizational risks• Quality, safety, and value• Medical staff privileging• Environment of care• Mental health (suicide prevention initiatives)The OIG issued two recommendations for improvement in two areas:1. Medical staff privileging• Professional practice evaluations2. Mental health• Suicide risk evaluations

The Veterans Benefits Administration’s (VBA) compensation program provides tax free monthly payments to veterans for the effects of disabilities caused by diseases, events, or injuries incurred or aggravated during active military service. VBA also has a pension program designed to provide supplemental income to eligible wartime veterans and their survivors with financial need.In response to a backlog of claims for the compensation and pension programs, Congress directed the OIG to• report the status of the compensation and pension benefits claims backlog,• review the causes of VA’s backlog, and• analyze how an initiative to digitally scan all paper based military personnel files has helped address and resolve the backlog.Beginning in fiscal year 2020, VBA experienced an increased backlog due to pauses in in person medical exams to establish disabilities and levels of impairment from the COVID 19 pandemic. Additionally, because of the implementation of the PACT Act of 2022, VBA anticipates a further increase in the claims backlog during fiscal year 2023. VBA developed a multilevel action plan to address the anticipated increase in backlog: hiring, technology, and proactive scanning, and the initiative to digitally scan all personnel files appears to be working well.