LOG4j is a Java based logging tool. Simply put, it has a vulnerability that could enable a hacker to take control of your system. Updated versions of Log4j were released by Apache Software Foundation on Thursday, December 9, 2021, and Tuesday December 14,2021 to resolve a remote code execution vulnerability on a Java logging library that is used by many enterprise software applications. Healthix has identified potential vulnerability and any risk has been addressed.
Healthix has conducted a thorough risk analysis and though our use of it is in applications that sit behind our firewall and require VPN access, we identified potential vulnerability. Our due diligence and risk mitigation has included internal/external outreach, through various channels, to assess our status. Additionally, Healthix has worked with our vendors where potential exposure to the LOG4j vulnerability might exist. We have completed remediation steps on all servers/appliances that were deemed to have potential vulnerability within an application suite.
To learn more about current status of LOG4j, read here