On December 9th, 2021, a critical vulnerability was discovered in a popular code library, Log4j, that affected many applications across the world. It affected everything from firewalls to security software. Essentially, anything that uses this library and takes user input is potentially vulnerable. Researchers have named this vulnerability Log4Shell.
Log4Shell allows an attacker to remotely execute code by sending a specially crafted set of characters to a vulnerable server, firewall, VPN client, etc. This vulnerability is being actively exploited. Everything from crypto-miners to ransomware is being installed remotely via this exploit.
Nextech Clients Can Relax
Thankfully, if you're already a Nextech client, you can relax. We have taken this threat seriously and already completed a comprehensive review. You'll be relieved to know that our products are safe from this threat; however, we will continue to monitor the situation closely. Updates will be provided if there are any new findings. You can read more about this vulnerability at the following link: https://logging.apache.org/log4j/2.x/security.html.
For your practice, if you have an IT team, work with them to ensure that your vendors are not vulnerable or, if they are, that you are running their latest patched version. Products from vendors such as SonicWall, Citrix, IBM, and others are affected to varying degrees. As you identify vendors, check their websites for blog posts or reach out to those vendors directly to see what, if any, steps need to be taken to protect your practice’s data security. To put in perspective how widespread this is, Minecraft servers are vulnerable to the Log4Shell exploit and need to be patched.
Brush Up on Those Security Skills
You may also want to take this as an opportunity for you and your staff to brush up on your cybersecurity skills and data best practices. For a wealth of articles on this subject, check out our Security & Data Management articles. For more industry news, informative articles, and regular updates like this, consider subscribing to this blog.
At Nextech, we are continuing to monitor this ongoing situation and will update our users as things develop.