Internet Explorer flaw latest security worry for healthcare CIOs

By Mark Terry

As if dealing with healthcare reform, reimbursement issues, and health IT implementation weren't enough of a challenge, news of the "Heartbleed" bug recently gave healthcare CIOs something else to worry about. Announced in early April, the threat compromised the web encryption program OpenSSL, leaving hundreds of thousands of websites open to data theft. 

Now, a new vulnerability--dubbed Operation Clandestine Fox--looms as a threat for all healthcare CIOs using Internet Explorer, according to a recent Lexology post by attorney Kathie McDonald-McClure of law firm Wyatt Tarrant & Combs LLP. This flaw, McDonald-McClure says, enables "hackers to lure computer users to malicious web code, like a 'fox' who lures prey to a watering hole and then moves in for the kill."

Added McDonald-McClure: "With the IE vulnerability, the hacker can use Adobe Flash content, a popular website or an email to bait the computer user to click on malicious HTML code. This allows the hacker to download the malicious software to the user's computer. Once downloaded, the hacker gains access to the user's computer and can then gather the information needed to access other programs and networks accessed by the user."

McDonald-McClure offers several action steps CIOs should take to help secure their healthcare networks, including:

  • HIPAA security rule compliance: Development of an action plan
  • Use of workarounds and alternative browser options
  • Changing passwords
  • Continued vigilance

According to McDonald-McClure, Microsoft has released a critical security update, providing a path for all versions of Microsoft IE (including XP).

To learn more:
- read the Lexology article
- read about the security update

Suggested Articles

Ochsner Health System is partnering with Color to launch a population health pilot program to integrate genetic information into preventive care.

Health IT company Cerner announced a definitive agreement to acquire IT consulting and engineering firm AbleVets as a wholly owned subsidiary.

Tech giant Google has tapped former Obama administration healthcare official Karen DeSalvo as its first chief health officer.