Open-Source Community Helps With Emergency VistA Patch

Kathleen Hickey | GCN | December 10, 2013

While working on his final project for a master's degree in information security, Georgia Tech graduate student Doug Mackey discovered a security flaw in VistA, the Veterans Health Information Systems and Technology Architecture electronic health records system.

Mackey was using VistA as a test case for outlining the relative vulnerability of large government computer systems to attacks by foreign governments.

“I wanted to study the security of software used within a real system in a critical economic sector,” he told Network World. “The health sector and VistA were chosen because VistA is open source, and all the source code is easily available. Using the open-source code, I set up an isolated lab test system to study.”

VistA is used by the Department of Veterans Affairs throughout its medical system. The department says it's the single largest integrated health care system in the United States, serving over 8 million patients annually. Nearly 25 percent of the population is potentially eligible for VA benefits and services and could potentially use VistA. It consists of nearly 160 integrated software modules for clinical care, financial functions and infrastructure.