
Log4j is a tool that helps programmers write log statements to a variety of output targets. When there is a problem somewhere in a system, the log gives you data to sort through to help locate the issue. It’s an open-source library, meaning it’s used across many popular apps and websites, and is located on potentially hundreds of millions of devices across the world.
Why is this security flaw so bad?
According to the CNN article, experts are concerned about this vulnerability because it gives attackers easy access to a company’s server. Once in, attackers have access to other parts of the network. It’s also tough to find this vulnerability, or to see when a system has been compromised.
This can put any medical organization at risk, big or small. If an attacker gained access to a network, they would also gain control of the software. They could disconnect devices, disrupting daily procedures and ultimately putting patients at risk.
The problem goes deeper. Even if you don’t run anything using Log4j, there is still the risk of using a third-party program that does. For example, if you rely on a cloud service for your electronic health records, you could be infiltrated through this connection.
Just patch it
As soon as a weakness is discovered, programmers work to find a solution. That’s the premise behind patches - they’re designed to upgrade the code to seal up potential flaws within the system.
A patch was released to fix the Log4j problem, but it may not secure many healthcare-related systems due to the high use of legacy platforms within the healthcare environment. One of the biggest threats is the ability to launch a ransomware attack from within. Because the hacker is already inside the network, they can attack without looking for a way in.
So what do you do to protect your data?
Steps to take now
The fix will come in the form of patches. Patching has to be done internally on your in-house systems and on all third-party systems in use. You or your IT resource should check systems, programs, and devices to ensure the proper patches are in place.
If you have old technology that is no longer supported, it’s time to replace it altogether. At a minimum, disconnect old technology from the internet, so it’s no longer vulnerable. Replace it with up-to-date technology you can secure and control.
Ensure you apply patches and updates as they are released. We get into the habit of ignoring security updates because they appear with such frequency. Ignoring them is the easiest way to allow your devices to be exploited.
Are your medical devices vulnerable?
For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.