The HHS Cybersecurity Program has issued a letter warning of a software vulnerability that puts healthcare providers across the country at risk of a cyberattack.
The letter, sent Dec. 10, warns of a vulnerability in Log4j, a highly utilized piece of open-source code. HHS said hackers' exploitation of the vulnerability can lead to data exfiltration and ransomware.
The Cybersecurity and Infrastructure Security Agency, the operational lead for federal cybersecurity, created a webpage and GitHub repository to provide up-to-date information and advisories on the vulnerability.
HHS and CISA recommend healthcare organizations upgrade to Log4j version 12.15.0, a version released Dec. 10, to address the vulnerability.