The Department of Health and Social Care (DHSC) has issued an urgent warning and advice on a critical cyber risk, CVE-2021-44228, also known as Log4Shell or LogJam.
NHSX asks that all adult social care providers, and all those running or providing digital services in the sector, consider the information below and act accordingly.
What is happening?
The vulnerability enables attackers to access IT systems, from where they could deploy cyber attacks such as ransomware. It is highly likely that most, if not all, IT and digital systems used by adult social care providers will be affected.
NHSX suggests the following preventative actions:
- Check your digital suppliers’ websites and follow their advice about mitigating cyber vulnerabilities. In this case, the most important action is to install the latest version of the software as soon as practicable.
- If your software suppliers do not have guidance, you may wish to contact them and ensure they are acting accordingly, and scanning for Log4j2 vulnerabilities in particular.
- Your Local Support Organisation, through DSC’s Better Security, Better Care Programme, will be on call to help with or escalate any issues you have. This may be especially helpful if you do not have IT support.
- For technical advice and further details, you may find the following updates and guidance useful: National Cyber Security Centre (NCSC), NHS Digital, Microsoft.
- If there are any indications of a compromise, please report this as soon as possible to the NCSC via https://report.ncsc.gov.uk/.
- Follow Digital Social Care on Twitter for sector-specific and relevant updates.
NHSX also strongly encourages you to use this alert to review your continuity plans, run a data back-up, and consider purchasing cyber insurance, if you have not done any of those recently.