By Mark Terry
As if dealing with healthcare reform, reimbursement issues, and health IT implementation weren't enough of a challenge, news of the "Heartbleed" bug recently gave healthcare CIOs something else to worry about. Announced in early April, the flaw affected OpenSSL, the widely used web encryption software, leaving hundreds of thousands of websites open to data theft.
Now, a new vulnerability, dubbed Operation Clandestine Fox, looms as a threat for all healthcare CIOs using Internet Explorer, according to a recent Lexology post by attorney Kathie McDonald-McClure of law firm Wyatt Tarrant & Combs LLP. This flaw, McDonald-McClure says, enables "hackers to lure computer users to malicious web code, like a 'fox' who lures prey to a watering hole and then moves in for the kill."
Added McDonald-McClure: "With the IE vulnerability, the hacker can use Adobe Flash content, a popular website or an email to bait the computer user to click on malicious HTML code. This allows the hacker to download the malicious software to the user's computer. Once downloaded, the hacker gains access to the user's computer and can then gather the information needed to access other programs and networks accessed by the user."
McDonald-McClure offers several action steps CIOs should take to help secure their healthcare networks, including:
- HIPAA security rule compliance: Development of an action plan
- Use of workarounds and alternative browser options
- Changing passwords
- Continued vigilance
According to McDonald-McClure, Microsoft has released a critical security update, providing a patch for all versions of Microsoft IE (including XP).