It’s time to stop using IE6 to manage your healthcare organization’s internet needs (Read an update: Healthcare Security Trends in 2021)
You need to click the upgrade button and update your browser from IE6 to IE 9, or better yet, download Chrome or Firefox, both of which are much more secure for healthcare providers. After speaking with most providers, (yes you know who you are) Large hospitals, small practices, and everyone in between are open to security risks.
If your organization is still using Internet Explorer 6 on Windows XP, just stop. Stop it now. The marketplace is filled with credible alternatives to IE6, including Mozilla Firefox and Google Chrome. If you need to use Internet Explorer because it’s required for compatibility with specific websites or apps, you have alternatives from Microsoft itself.
Internet Explorer is OLD
IE6 was replaced with the newer, more secure Internet Explorer 7 in October 2006, more than 96 months ago. And Internet Explorer 8 was released in March of 2009, nearly 5 years ago. Both browsers have large improvements in usability, including tabbed browsing, but their biggest selling point is security. Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice.
Think that judgment is too harsh? Ask the security experts at Google, Adobe, and dozens of other large corporations that are cleaning up the mess from a wave of targeted attacks that allowed source code and confidential data to fall into the hands of well-organized intruders. The entry point? According to Microsoft, it’s IE6:
At this time, we are aware of limited, targeted attacks attempting to use this vulnerability against Internet Explorer 6. We have not seen attacks against other versions of Internet Explorer.
Newer versions of Internet Explorer and later Windows releases are at reduced risk to the exploit we have seen due to platform mitigations explained in the blog post below.
Under the “Mitigating Factors” heading, the Microsoft Security Response Center specifically notes that the exploit used in this case does not run under IE7 and IE8 in Windows Vista or Windows 7. You’ve got one extra layer of protection if you use IE8, even under Windows XP Service Pack 3, thanks to Data Execution Prevention, which is enabled by default.
The accompanying blog post from Jonathan Ness of the Microsoft Security Research Center Engineering group is even blunter:
I want to make one thing perfectly clear. The attacks we have seen to date, including the exploit released publicly, only affect customers using Internet Explorer 6. As discussed in the security advisory, while newer versions of Internet Explorer are affected by this vulnerability, mitigations exist that make exploitation much more difficult.
Other Major Issues
Want to learn more about major breaches in the United States? Check out an article we wrote, “Are You at Risk to Be on the “Wall of Shame” for Breaches in Patient Privacy?”
Send this article to your CEO, IT, and Staff
If your organization is still forcing you to use IE6 on Windows XP, send this blog post to your CEO, your CIO, and every member of your company’s Board of Directors.
In 2014, with multiple alternatives available (Chrome and Firefox), there is no excuse for continuing to use an insecure Internet infrastructure.
IE6 users, it’s time to move on. Your IT staff has had more than five years to come up with alternatives to IE6. If they can’t handle it, maybe it’s time to replace them, too.
Original article location
