Internet Explorer flaw latest security worry for healthcare CIOs

By Mark Terry

As if dealing with healthcare reform, reimbursement issues, and health IT implementation weren't enough of a challenge, news of the "Heartbleed" bug recently gave healthcare CIOs something else to worry about. Announced in early April, the threat compromised the web encryption program OpenSSL, leaving hundreds of thousands of websites open to data theft. 

Now, a new vulnerability--dubbed Operation Clandestine Fox--looms as a threat for all healthcare CIOs using Internet Explorer, according to a recent Lexology post by attorney Kathie McDonald-McClure of law firm Wyatt Tarrant & Combs LLP. This flaw, McDonald-McClure says, enables "hackers to lure computer users to malicious web code, like a 'fox' who lures prey to a watering hole and then moves in for the kill."

Added McDonald-McClure: "With the IE vulnerability, the hacker can use Adobe Flash content, a popular website or an email to bait the computer user to click on malicious HTML code. This allows the hacker to download the malicious software to the user's computer. Once downloaded, the hacker gains access to the user's computer and can then gather the information needed to access other programs and networks accessed by the user."

McDonald-McClure offers several action steps CIOs should take to help secure their healthcare networks, including:

  • HIPAA security rule compliance: Development of an action plan
  • Use of workarounds and alternative browser options
  • Changing passwords
  • Continued vigilance

According to McDonald-McClure, Microsoft has released a critical security update, providing a path for all versions of Microsoft IE (including XP).

To learn more:
- read the Lexology article
- read about the security update

Suggested Articles

Veterans Health Administration medical facilities currently have a paper medical record backlog that if stacked up would be 5.15 miles high, according to the…

The Department of Health and Human Services announced proposed changes to privacy restrictions on patients' substance use treatment records.

An FDA official said the agency is in discussions with multiple stakeholders to create a universal unique medical device identifier to be stored in EHRs.