Unfortunately, some of the exploits are with IE so switching mailers may not affect that unless you go to something that doesn't render anything in the mail, which is nice for some of us, but not for the average user. So, I'll let some of the other admins with experience in this area offer suggestions. I think however, you may have another problem with using Hotmail. Do you clean up after you send the data? Or is it hanging in a Sent folder? I work with the assumption that any data left on hotmail is public information! That includes *incoming* since that will sit on the server for some amount of time. If it's temporary/outgoing, it's not as bad. But if it's going to sit in a Sent folder, assume others can read it! (This feeling was established based on the hotmail exploits of the past, which may or may not have been fixed.) And based on your questions about encryption, it sounds like that's not yet implemented. If I recall correctly, HIPAA in 2004. But do continue to check on that for a more specific date. Most importantly, get to know the admins of the companies you deal with. If you do HIPAA, then anyone else you share such info with also has to deal with HIPAA. So, you're going to need to know them sooner or later, and take the same security measures. Jimmy -----Original Message----- From: Heidi To: CRIME Sent: 11/30/01 8:18 AM Subject: CRIME secure mail programs/internet As I have seen here on the list that some do not recommend that Outlook or Outlook Express be used for e-mail due to security holes, I would appreciate recommendations. This would be for people working on home computers, who have medical information stored on their systems. These are only connected to a network when they log in to transfer their work to the network. When the work is transferred they log in using a VPN. Otherwise, they are stand-alone PCs, which are used by some of the people for their work, as well as personal internet use. Hotmail is being used on the network end to send information to the home PCs. The concern here is when these people are surfing the internet that the medical files would be vulnerable to access, especially after reading the latest advisory sent below, in relation to internet explorer and previous postings I have read here on the list about not using Outlook. This system for these people is fairly new and they are in the learning stages of file protection, VPN, etc. Also, does any one in the medical related industry know what the dates are that we will have to be complaint using encryption on our files, and if there will be training provided using the required encryption, etc. to meet the compliance requirements for HIPA? . I have been asked by my employer to relay any of this information regarding security issues back to them. Thank you for any help in advance. Heidi This is the latest advisory I make reference to: National Infrastructure Protection Center "Multiple Vulnerabilities in Microsoft Internet Explorer - All Versions" Assessment 01-028 29 November 2001 You can respond to me individually at mcps@private <mailto:mcps@private> . Thank you, Heidi Henry
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:11 PDT