The HHS 405(d) Task Group outlined risks associated with the cybersecurity vulnerability of Apache’s Log4j software library, which is used in medical devices and supporting systems, and various other applications to log security and performance information.
Apache Log4j is an extremely common Java framework used in a variety of applications, including Linux and Windows operating systems. Log4j is an open-source tool and is universally used by developers and vendors to enable logging features.
According to a previous brief from the Health Sector Cybersecurity Coordination Center (HC3), researchers first discovered the remote code execution (RCE) vulnerability in November.
However, proof-of-concept exploit code has been circulating on social media recently, making the vulnerability more widely known to threat actors.
Read the full article at Health IT Security.