MHS statement on vulnerability in Apache Log4j
On December 9th, MHS learned that a new vulnerability has been found in Apache Log4j, a Java logging tool used by many web applications and services. (CVE-2021-44228). This logging software is used globally by nearly all companies to maintain digital logs.
At MHS the security of our data and our Customers’ data is our top priority. MHS and our security partners are working to identify, isolate, and remediate this threat. We have learned that several third-party applications leverage Log4j as part of their software. We are working with our vendors to remediate those applications and eliminate the risk. Our cybersecurity experts have installed several additional protection measures in our systems to mitigate potential risks at all times. The cybersecurity and continuity risks are continuously reviewed and updated as needed. If a vulnerability is detected, we are warned immediately and will resolve it as soon as possible.
MHS will continue to take all actions necessary to protect our operating environment and our and our customers data. More information about the leak and how to protect against it is available at www.cve.org. Customers should reach out to their normal contacts for questions or concerns.
Click here for more information about our security policy.