Over the weekend, a serious security vulnerability was discovered in Microsoft Internet Explorer, which could put your long-term care facility at risk. We’re posting this alert to be sure that SimpleLTC users are aware of the issue and how to address it.
What is it?
The new security vulnerability, called CVE-2014-1776, affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.
Once the vulnerability is exploited, a successful hacker can gain the same user rights on a targeted computer as the current user. This means that a hacker with administrator rights could install malware on the system, create new user accounts, or change or delete data – including protected health information (PHI).
How serious is it?
It’s serious enough that the United States Computer Emergency Readiness Team (US-CERT), part of the U.S. Department of Homeland Security, issued a bulletin on Monday advising users to stop using Internet Explorer altogether until it has been patched, unless they can fully implement Microsoft’s suggested mitigation actions and workarounds.
As of this writing, Microsoft has not yet announced whether it will issue an emergency patch to repair supported versions of IE, or wait until its next IE patch release.
Note that Windows XP users are especially vulnerable to this issue, since Microsoft discontinued support for the XP operating system earlier this month. As a result, there will be no patch coming for IE users on XP.
What can I do about it?
Our records show that a large majority of SimpleLTC customers utilize Microsoft Internet Explorer to access SimpleLTC long-term care software. Of those, more than 20% are also on the Microsoft XP operating system, which means they are especially at risk.
Because there is uncertainty about the timing of a Microsoft IE patch, and because US-CERT has advised discontinuing the use of IE on Windows XP, we strongly recommend switching to an alternate browser, such as Google Chrome.
SimpleLTC supports all modern browsers, and will continue to support IE, but this may be an opportune time to consider switching to an alternate browser at your long-term care facility or organization.