On Thursday, December 9, 2022, a serious security vulnerability (CVE-2021-44228, referred to as “Log4Shell”) was reported involving a widely used logging module in Java called Log4J. Java is a very popular programming language and computing platform used by many developers to build software applications. The severity of this vulnerability is as bad as it gets, categorized as a 10 out of 10 and the first vulnerability to receive a score this high. This score reflects a combination of the ease with which a malicious hacker can take advantage of it, and the extent of what it allows the hacker to do.
As a result, many software companies, including EHR vendors, are publishing statements to inform their clients about how this impacts their software, and what is being done by the vendor, or what the client should do, to address this problem.
STI would like you to know that the ChartMaker Medical Suite is not susceptible to this vulnerability because the Medical Suite does not install or incorporate this software, nor does any of the standard or optional third-party software components installed with the Medical Suite.
If you do not currently employ hardware and network support through STI’s Managed Services, STI encourages you to reconsider as this service offering will help protect your systems and business continuity and resolve issues like this that will unfortunately continue to arise. STI’s Managed Services Division has already assisted clients that do unknowingly have systems vulnerable to this problem.
For further information see, Apache Log4j Vulnerability Guidance | CISA.