Web Plug-Ins and Extensions: The Time to Patch and Upgrade is Now to Avoid Ransomware and Other Malware

You likely have several web plug-ins or extensions which enhance your web browsing experience or functionality. Plug-ins and extensions can be used for business, entertainment, and other purposes. Plug-ins and extensions, though, can be vulnerable to exploitation as well. Many organizations have a plan in place to upgrade operating systems and applications, but not necessarily web plug-ins and extensions. In cases such as these, it may be up to the end user to manage them. Just as with operating systems and applications, if plug-ins and extensions are not upgraded or patched, they may be exploited by attackers, taking advantage of known and potentially unknown (i.e., zero-day) vulnerabilities. For these reasons, the time to patch or upgrade is now.

Here are some easy steps you can take to enhance the overall security of your web browsing experience:

  1. Review the plug-ins and extensions which your web browser uses.
  2. Consider disabling or removing plug-ins and extensions if:
    1. The plug-in or extension is not from a trustworthy source;
    2. The plug-in or extension has a lot of security bugs/vulnerabilities; or
    3. For other reasons, you believe that running the plug-in or extension is too great of a risk.

Alternatively, you may also consider running the web plug-in or extension only when you authorize such an action.
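One way to carry out the review in steps 1 and 2 on a Chromium-based browser, as an added example that is not part of the original article: the script reads each extension's `manifest.json` and notes the ones that can access every site or declare no `update_url`. It assumes the on-disk layout `<Extensions folder>/<id>/<version>/manifest.json`; the ids, names and URL in the sample are constructed.

```python
import json
import sys
import tempfile
from pathlib import Path

# Host patterns that let an extension read or change pages on every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def inventory_extensions(extensions_dir):
    """List extensions under <extensions_dir>/<id>/<version>/manifest.json
    (assumed Chromium layout) with reasons each one deserves a closer look."""
    records = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        record = {"id": path.parts[-3], "version": path.parts[-2], "name": "?", "review": []}
        records.append(record)
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            record["review"].append("manifest unreadable")
            continue
        record["name"] = manifest.get("name", "?")
        # Manifest V2 lists host patterns under "permissions", V3 under "host_permissions".
        granted = manifest.get("permissions", []) + manifest.get("host_permissions", [])
        broad = sorted(p for p in granted if isinstance(p, str) and p in BROAD_HOSTS)
        if broad:
            record["review"].append("access to all sites: " + ", ".join(broad))
        if "update_url" not in manifest:
            record["review"].append("no update_url: check how it gets updates")
    return records

def build_sample(root):
    """Write two constructed manifests (made-up ids and names) for a dry run."""
    samples = {
        "aaaaexampleid/1.2.0": {"manifest_version": 3, "name": "Example Notes",
                                "version": "1.2.0", "permissions": ["storage"],
                                "update_url": "https://updates.example.invalid/crx"},
        "bbbbexampleid/0.9.1": {"manifest_version": 2, "name": "Example Toolbar",
                                "version": "0.9.1", "permissions": ["tabs", "<all_urls>"]},
    }
    for rel, manifest in samples.items():
        (Path(root) / rel).mkdir(parents=True)
        (Path(root) / rel / "manifest.json").write_text(json.dumps(manifest))
    return root

if __name__ == "__main__":
    # Pass your profile's Extensions folder, or run with no argument for the sample.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for rec in inventory_extensions(target):
        print(rec["id"], rec["version"], rec["name"], rec["review"] or "ok")
```

A flagged entry is a prompt to look closer, not a verdict: many legitimate extensions need access to all sites, and the displayed name may be a localisation placeholder rather than the store name.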

Some additional tips include the following:

  1. Upgrade the plug-ins and extensions which you choose to use to the latest version. There are tools available to automatically check for any updates. Notwithstanding these tools, you can also manually check for newer versions for your web browser(s).
  2. As a rule of thumb, upgrade your plug-ins and extensions as soon as possible. Automatic updating, when feasible, may be your best bet.
  3. Upgrade your web browser to the latest version.
  4. Consider using pop-up blockers or ad blocking software.
  5. Be cautious about executable scripts and objects.
  6. Be cautious about free software websites and other types of “free” files.
  7. Access trustworthy sites.
  8. Don’t Catch that Phish.

Do this for the systems you use at work, at home, and while on the road—and your systems will be better protected. Additionally, if you ensure that your applications, operating systems, and firmware are fully up-to-date (with the latest versions), you may be less of a target. Remember: Time is money, even for hackers – if you immediately upgrade or patch, there will be even less of a chance for the hacker to exploit that vulnerability. Whether you work for a hospital, physician practice, long-term care facility, health plan, other healthcare organization, or provide services to them (e.g., accounting, legal, billing, etc.), the time to be proactive about security is now.

Additional resources:

HIMSS: Practical Tips on Safeguarding Information for Healthcare Organizations
HIMSS: The Healthcare Industry's Guide to Keeping Information Safe & Secure When You Are Mobile
Adobe Security Bulletins and Advisories, including Acrobat and Flash Player
Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin, including Java
National Vulnerability Database
