NHS Connecting for Health has said organisations still using Microsoft Internet Explorer 6 should move to IE7, following security concerns about the older browser.
The Department of Health signed a national licensing deal with Microsoft in October 2001 that lead to the majority of NHS trusts using IE 6 for internet and intranet access.
In 2006, CfH instructed trusts not to download copies of the latest versions of IE until it could confirm that the software worked with national applications delivered by the programme and its prime contractors.
However, last week Microsoft admitted that a security hole in IE6 had led to attacks against Google and other hackers in China.
This prompted both the French and German governments to warn internet users not to use the browser and to find an alternative, such as Mozilla Firefox or Google Chrome.
The UK government has been slow to react to the warnings. But yesterday the Cabinet Office issued a statement that said: “Government departments have been issued an alert on how to deal with this particular incident and to mitigate against vulnerabilities in relation to particular versions of IE.”
Following this, CfH issued guidance telling trusts to use the Microsoft website or their system management or patch management software to obtain an update to resolve the vulnerability.
The guidance states: “It is recommended that this update is applied to all affected computers within an organisation. Organisations should ensure that appropriate levels of testing of the update take place prior to mass deployment.”
It adds: “It is additionally further recommended that organisations still using Internet Explorer 6 on the affected platforms upgrade to Internet Explorer 7.
“Internet Explorer 7 has been warranted to work correctly with Spine applications such as the Clinical Spine Application and provides additional security features over Internet Explorer 6.”
Earlier this week, Microsoft said that Internet Explorer is still the most secure browser on the market.
Cliff Evans, Microsoft’s head of security and privacy, said that for web users to be affected they would have to be using IE6 on particular platforms and to visit a compromised website, of which there are apparently “very few.”
CfH is advising trusts to contact the Department of Health Informatics Directorate Infrastructure Security Team or to contact Microsoft or their vendor if they experience further problems.
Microsoft’s enterprise wide agreement with the NHS has been re-signed since 2001 and is due to be renewed again later this year.