
Tuesday January 4, 2022  |  Michael Johnson, Chief Information Security Officer

Memos from the MEDHOST CISO: Stop Zero-Day Attacks with a Team Effort


On December 10, 2021, a vulnerability in Apache Log4j, a widely used logging library, was publicly disclosed. The vulnerability received the highest severity rating possible.

This article discusses how zero-day vulnerabilities like the Log4j exploitation create real struggles for smaller hospital information technology and security departments. It also covers how these exploitations illustrate the need for prioritized cybersecurity preparedness and properly optimized security tools.

Dissecting A Zero-Day Event 

Zero-day events like the Log4j exploitation are problematic for several reasons.

Recovery timeframes are unforgiving. A zero-day exploit means that the "bad guys" can take advantage of a security gap before the "good guys" have an opportunity to patch or mitigate the vulnerability.  

In healthcare, this means a hospital's IT and security staff must immediately drop their day-to-day support tasks and switch gears to determine every place Log4j is in use.

Log4j is hard to pinpoint, and IT teams must apply remedies to the high-risk areas first, most of which are internet-facing. An IT team may assume this is easily solved by consulting precompiled inventories that identify middleware (software that supports applications outside the operating system itself). However, most teams have only a loose understanding of which software is actually deployed on each server. In a zero-day event, these teams are not afforded the significant time needed to identify every component running in the background.
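The inventory problem described above is concrete enough to script. The following is an added example, not MEDHOST tooling: it walks a directory tree, opens every JAR/WAR/EAR/ZIP, recurses into archives embedded inside them (where most copies of Log4j hide), reads the version from the library's own `pom.properties`, and notes whether the `JndiLookup` class is still present. Everything about the sample tree it builds is constructed for the demonstration, and the default minimum version is a placeholder; take the real threshold from the current Apache advisory.

```python
"""Inventory every copy of Log4j under a directory, including copies nested
inside WAR/EAR/fat JARs, and classify each against a minimum acceptable version.
Added example for this memo; not MEDHOST tooling."""
import io
import os
import re
import tempfile
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Real paths inside a log4j-core JAR. Matching JndiLookup.class by suffix also
# catches shaded/relocated builds whose package prefix was rewritten.
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI_LOOKUP_SUFFIX = "lookup/JndiLookup.class"
ARCHIVE_EXTENSIONS = (".jar", ".war", ".ear", ".zip")


@dataclass
class Finding:
    location: str            # disk path; nested archives joined with "!"
    version: Optional[str]   # from pom.properties, None if no Maven metadata
    jndi_lookup: bool        # JndiLookup.class still present in this copy


def parse_version(pom_text: str) -> Optional[str]:
    for line in pom_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "version":
            return value.strip()
    return None


def version_tuple(version: str) -> Tuple[int, ...]:
    # "2.14.1" -> (2, 14, 1); "2.0-beta9" -> (2, 0, 0). Enough for ordering.
    parts = []
    for piece in re.split(r"[.-]", version):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def scan_archive(zf: zipfile.ZipFile, location: str, findings: List[Finding]) -> None:
    names = zf.namelist()
    has_jndi = any(n.endswith(JNDI_LOOKUP_SUFFIX) for n in names)
    if POM_PROPERTIES in names:
        version = parse_version(zf.read(POM_PROPERTIES).decode("utf-8", "replace"))
        findings.append(Finding(location, version, has_jndi))
    elif has_jndi:
        # Relocated copy without Maven metadata: still report it, version unknown.
        findings.append(Finding(location, None, True))
    for name in names:  # recurse into embedded archives
        if name.lower().endswith(ARCHIVE_EXTENSIONS):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    scan_archive(inner, f"{location}!{name}", findings)
            except zipfile.BadZipFile:
                continue


def scan_tree(root: str) -> List[Finding]:
    findings: List[Finding] = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if not fn.lower().endswith(ARCHIVE_EXTENSIONS):
                continue
            path = os.path.join(dirpath, fn)
            try:
                with zipfile.ZipFile(path) as zf:
                    scan_archive(zf, path, findings)
            except zipfile.BadZipFile:
                continue
    return findings


def classify(f: Finding, minimum_version: str) -> str:
    """minimum_version must come from the current Apache advisory."""
    if f.version is None:
        return "unknown-version"
    if version_tuple(f.version) >= version_tuple(minimum_version):
        return "ok"
    return "upgrade" if f.jndi_lookup else "class-removed-still-upgrade"


def build_sample_tree(root: str) -> None:
    """Constructed sample: a WAR embedding log4j-core 2.14.1, a standalone
    log4j-core 2.17.1 JAR, and an old copy with JndiLookup.class stripped."""
    def log4j_jar(version: str, with_jndi: bool = True) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            z.writestr(POM_PROPERTIES, f"groupId=org.apache.logging.log4j\nversion={version}\n")
            if with_jndi:
                z.writestr("org/apache/logging/log4j/core/" + JNDI_LOOKUP_SUFFIX, b"\xca\xfe\xba\xbe")
        return buf.getvalue()

    os.makedirs(os.path.join(root, "app"), exist_ok=True)
    with zipfile.ZipFile(os.path.join(root, "app", "ehr-portal.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", log4j_jar("2.14.1"))
    with open(os.path.join(root, "log4j-core-2.17.1.jar"), "wb") as fh:
        fh.write(log4j_jar("2.17.1"))
    with open(os.path.join(root, "legacy-hotfixed.jar"), "wb") as fh:
        fh.write(log4j_jar("2.11.2", with_jndi=False))


def demo(minimum_version: str = "2.17.1") -> List[Tuple[str, Optional[str], str]]:
    """Scan the constructed tree; return (relative location, version, status).
    The default minimum is a placeholder, not an advisory value."""
    root = tempfile.mkdtemp(prefix="log4j-scan-")
    build_sample_tree(root)
    results = []
    for f in scan_tree(root):
        disk_path, _, nested = f.location.partition("!")
        rel = os.path.relpath(disk_path, root).replace(os.sep, "/")
        results.append((rel + ("!" + nested if nested else ""), f.version, classify(f, minimum_version)))
    return sorted(results)
```

Run `demo()` to see the three statuses; on a real host, call `scan_tree("/")` (or the application roots) and `classify` each finding. The "class-removed-still-upgrade" status exists because deleting the lookup class was a common stop-gap, and a scanner that only looks for that class would wrongly report such copies as clean.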

Weak patches and human error can act as doorways to internal systems. It is easy to argue that if zero vulnerable applications are hosted on the internet, a bad actor has zero pathways into your internal network. But one successful phishing attack that lands on a weakly patched system can change all of that. And while a firewall does block malicious programs at the perimeter, it cannot compensate for an inadequate patching program.

Protection and Preparedness Are a Resource-Heavy Investment

Preparedness and protection are the best way to avoid an attack, but as noted earlier, zero-day events give IT teams little time to react.  

Vulnerability scanners, firewalls, and intrusion prevention systems (IPS) all do a reasonably good job of identifying and isolating threats and any exposed network components. However, these tools also require a great deal of maintenance, which takes valuable time and resources away from internal IT teams.

Simply having a cybersecurity infrastructure in place will not suffice. IT teams must make a concerted effort to configure defensive measures appropriately and ensure they are continuously optimized.

For example, intrusion prevention systems come with the added challenge of encryption in transit. IT and security departments must consistently load decryption keys into the IPS to receive any benefit from it. Improper or inconsistent encryption upgrades or configurations can easily create a false sense of security: alerts fire on unencrypted traffic while encrypted traffic passes through uninspected.

Staying on top of encryption changes, and of every security toolset that must adapt to those changes, is a lot of work.
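The false sense of security described above is measurable: compare how many encrypted flows the IPS actually decrypted against how many it merely passed through. The following is an added example, not MEDHOST tooling. It reads a connection log in a constructed, generic CSV layout (`tls`, `sni`, `decrypted`, `ips_alerts` columns; no vendor's real format) together with the set of hostnames for which a decryption key has been loaded, and reports the destinations the IPS is blind to, the destinations that have a key but still carry undecrypted sessions (a stale or rotated certificate is the usual cause), and whether every alert so far came from plaintext traffic. All hostnames and addresses in the sample are constructed.

```python
"""Measure how much of the traffic an IPS actually inspects. Added example for
this memo with a constructed connection log; not MEDHOST tooling."""
import csv
import io
from collections import defaultdict
from typing import Dict, Iterable

# Constructed connection log in a generic CSV layout (not any vendor's format).
# tls: whether the flow was TLS; decrypted: whether the IPS held the key and
# inspected the plaintext; ips_alerts: alerts the IPS raised on that flow.
SAMPLE_LOG = """\
ts,src,dst,dport,tls,sni,decrypted,ips_alerts
2021-12-11T08:00:01,10.0.5.21,10.0.1.10,80,no,,n/a,1
2021-12-11T08:00:02,203.0.113.7,10.0.1.20,443,yes,portal.hospital.example,yes,0
2021-12-11T08:00:03,203.0.113.9,10.0.1.21,443,yes,hl7-gw.hospital.example,no,0
2021-12-11T08:00:04,203.0.113.9,10.0.1.21,443,yes,hl7-gw.hospital.example,no,0
2021-12-11T08:00:05,198.51.100.4,10.0.1.22,8443,yes,lab-api.hospital.example,no,0
2021-12-11T08:00:06,203.0.113.7,10.0.1.20,443,yes,portal.hospital.example,yes,0
2021-12-11T08:00:07,10.0.5.22,10.0.1.10,80,no,,n/a,2
2021-12-11T08:00:08,203.0.113.8,10.0.1.20,443,yes,portal.hospital.example,no,0
"""

# Hostnames whose decryption key has been loaded into the IPS (constructed).
DECRYPTION_CONFIGURED = {"portal.hospital.example"}


def coverage_report(log_text: str, decryption_configured: Iterable[str]) -> Dict:
    configured = set(decryption_configured)
    rows = list(csv.DictReader(io.StringIO(log_text)))
    per_host = defaultdict(lambda: {"encrypted": 0, "decrypted": 0})
    alerts = {"plaintext": 0, "encrypted_inspected": 0, "encrypted_uninspected": 0}
    for r in rows:
        n = int(r["ips_alerts"])
        if r["tls"] != "yes":
            alerts["plaintext"] += n
            continue
        host = r["sni"] or f"{r['dst']}:{r['dport']}"  # fall back to dst when no SNI
        per_host[host]["encrypted"] += 1
        if r["decrypted"] == "yes":
            per_host[host]["decrypted"] += 1
            alerts["encrypted_inspected"] += n
        else:
            alerts["encrypted_uninspected"] += n
    encrypted = sum(c["encrypted"] for c in per_host.values())
    decrypted = sum(c["decrypted"] for c in per_host.values())
    return {
        "flows": len(rows),
        "encrypted_flows": encrypted,
        # share of encrypted flows the IPS could actually look inside
        "encrypted_inspected_share": decrypted / encrypted if encrypted else 1.0,
        # encrypted destinations the IPS never saw in plaintext
        "blind_hosts": sorted(h for h, c in per_host.items() if c["decrypted"] == 0),
        # blind because no key was ever loaded
        "hosts_without_decryption_key": sorted(h for h in per_host if h not in configured),
        # key loaded, yet some sessions still not decrypted (stale key, rotated cert)
        "configured_but_partially_inspected": sorted(
            h for h, c in per_host.items()
            if h in configured and c["decrypted"] < c["encrypted"]),
        "alerts": alerts,
        # the "alerts on plaintext only" symptom the memo describes
        "alerts_only_on_plaintext": alerts["plaintext"] > 0
        and alerts["encrypted_inspected"] + alerts["encrypted_uninspected"] == 0,
    }


def demo() -> Dict:
    return coverage_report(SAMPLE_LOG, DECRYPTION_CONFIGURED)
```

On the sample, only a third of encrypted flows were inspected, two internal services have no key loaded at all, and the portal has a key yet one session still went by undecrypted. Running the same report against a day of real logs after every certificate rotation is the cheap check that keeps the IPS honest.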

A Stronger Defense? Let MEDHOST Do the Heavy Lifting   

The good news about Log4j is that the fix itself is not complicated. Once a vulnerable instance is found and isolated, IT security teams can resolve it quickly with little effort. The challenge is the resources it takes to uncover every area where the bug may exist in a given environment.

At MEDHOST, our MEDHOST Direct clients sleep easier knowing that MEDHOST development operations, security, and infrastructure teams react quickly to harden the cybersecurity defenses surrounding our applications and tools while mitigating the effects of potential problems. Our trusted and knowledgeable cybersecurity professionals manage the entire recovery and security process with little to no effort on the client's side.

We also offer a service that includes managing and maintaining MEDHOST applications for organizations that host their EHR on-premises. Regularly scheduled status updates with our clients and their IT teams are another essential feature of our cloud-based and managed services. In these meetings, we offer complete transparency into our strategy for mitigating the effects of any potential cyber threats and the continued development of our protective measures.  

To learn more about how MEDHOST protects hospitals from cyber threats and reduces their impact on operations, please contact your MEDHOST Customer Success Executive.
