Georgia Tech Researcher Flags Flaw In Open-Source Vets Health System

Jon Gold | Network World | December 4, 2013

What began as a master's thesis wound up revealing a potentially severe flaw in VA's open healthcare project.

An academic exercise by a security researcher blossomed into a live-fire infosec emergency last month, after a major vulnerability was found in a central U.S. government healthcare database system.

Georgia Tech graduate student Doug Mackey didn’t set out to fix a potentially disastrous issue in a major government healthcare records system – originally, he’d simply meant to outline the relative vulnerability of large government computer systems in general to attacks by foreign governments, as a final project for a Master's in Information Security degree.

As a test case, he settled on the Veterans Health Information Systems and Technology Architecture, or VistA, an open-source framework used by the Department of Veterans Affairs. The VA says it's the single largest integrated healthcare system in the U.S., serving 6 million patients per year.