VA to secure 50,000 networked medical devices

CIO determined to finish task this year

The Veterans Affairs Department has launched an initiative to isolate all 50,000 networked medical devices by December, after experiencing computer virus and malware infections of 122 networked medical devices in the last 14 months that had the potential to harm patients, according to VA Chief Information Officer Roger Baker.

“VA faces a critical challenge in securing our medical devices from cyber threats — and securing them is among the highest priorities for VA,” Baker told the House Veterans Affairs Subcommittee on Oversight and Investigations.

The VA currently operates about 50,000 networked devices to assist in patient diagnosis, treatment and monitoring. The devices are especially challenging to secure because their operation must be certified, and application of virus protection updates and patches is restricted.

Starting in 2009, VA officials mandated that all medical devices at Veterans Health Administration facilities connected to the VA network implement a device isolation architecture, which uses a local area network. The VA also set up a comprehensive device protection program that includes assessment, communication, training, validation, scanning, remediation and patching, Baker said.

The VA expects to secure all medical devices through the isolation architecture by year’s end, Baker said.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Who's Fed 100-worthy?

Nominations are now open for the 2015 Federal 100 awards. Get the details and submit your picks!

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above