A Flaw in the VA’s Medical Records Platform May Put Patients at Risk

The department's records platform, VistA, first instituted in the late 1970s, is lauded as effective, reliable, and even innovative, but decades of underinvestment have eroded the platform. Multiple times throughout the 2010s, the VA has said it will replace VistA with a commercial product, and the latest iteration of this effort is currently ongoing. In the meantime, however, security researchers are finding real security issues in VistA that could affect patient care.

At the DefCon security conference in Las Vegas on Saturday, Zachary Minneker, a security researcher with a background in health care IT, presented findings about a worrying weakness in how VistA encrypts internal credentials. Without an additional layer of network encryption , Minneker found that the home-brewed encryption developed for VistA in the 1990s to protect the connection between the network server and individual computers can be easily defeated.

“If you were adjacent on the network without TLS, you could crack passwords, replace packets, make modifications to the database. In the worst-case scenario, you'd essentially be able to masquerade as a doctor,” Minneker tells WIRED. “This is just not a good access control mechanism for an electronic medical record system in the modern era.”

Minneker, who is a security engineer at the software-focused firm Security Innovation, only briefly discussed the findings during his DefCon talk, which was mostly focused on a broader security assessment of VistA and the database programming language MUMPS that underlies it. He has been attempting to share the finding with the VA since January through the department's

United States Latest News, United States Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

New Tool Helps Gauge Risk of Undiagnosed DementiaThe eRADAR tool uses clinical data routinely collected in the electronic health record to identify older adults at risk of having undiagnosed dementia and who may benefit from cognitive testing.
Source: Medscape - 🏆 386. / 55 Read more »

High Aldosterone Levels Increase Risk for CKD ProgressionHigher serum aldosterone levels in patients with CKD increase the risk for CKD progression and end-stage kidney disease regardless of patient's diabetes status
Source: Medscape - 🏆 386. / 55 Read more »

'We're begging for help': Jailed people and their families ask court to force immediate change'Jail policies and procedures are putting people at the risk of harm,' plaintiffs' lawyer says Remember, this is KellyForSheriff and nathanfletcher ‘s jail system…
Source: sdut - 🏆 5. / 95 Read more »

Docs Not Talking About Anal Sex May Put Women at RiskAnal sex is becoming more common among heterosexual couples, but by avoiding the topic, clinicians may be failing a generation of young women, who may be unaware of the risks. If clinicians are uncomfortable discussing anal sex, their practices (or patients) should consider contacting their local SexShop! I have attended virtual classes PASSIONAL and PleasureChestNY
Source: Medscape - 🏆 386. / 55 Read more »

Early PT for Lower Back Pain Sends Fewer Patients to SpecialistsA new study concludes that primary care physicians who advise patients with lower back pain to wait for symptoms to resolve may be setting patients up for unnecessary specialist visits. Oh believe me I try.
Source: Medscape - 🏆 386. / 55 Read more »