Auditors found a "high-risk vulnerability" at Tuscaloosa (Ala.) VA Medical Center that hasn't been remediated since 2015, according to a Jan. 18 report from the VA Office of Inspector General.
Auditors, who began examining Tuscaloosa VA Medical Center in May, say they didn't find any evidence to suggest that there was a plan in place to fix the issue after it was first identified by the department's IT workers in 2015.
The medical center's management told auditors they would put together a plan and target date to fix the vulnerability.
The report did not detail what the "high-risk vulnerability" was but named eight recommendations for the center to fix the security deficiencies, some of which include implementing a more effective vulnerability management program to address security deficiencies and ensuring vulnerabilities are remediated within established time frames.