Data protection and cyber security elearning for care workers
Date: Tuesday 12 December 2023
The Department of Health and Social Care (DHSC) is issuing an urgent note setting out the current situation and advice on a critical cyber vulnerability, CVE-2021-44228, also known as Log4Shell or LogJam.
NHSX asks that all adult social care providers, and all those running or providing digital services in the sector consider the information below and act accordingly.
A critical cyber vulnerability has been found within Apache Foundation Log4j2 (‘Log4j2’) that could enable attackers to access IT systems from where they could deploy cyber attacks such as ransomware. This is a global vulnerability which will be important for many organisations around the world to address.
The vulnerability is almost certain to be in most, if not all organisations in some way. Although NHSX are, as yet, unaware of any incidents in health or care, cyber criminals are scanning for this vulnerability. This means the cyber criminals are conducting reconnaissance, so they are taking a look to see which organisations have the vulnerability and where those vulnerabilities are.
Log4j2 is used by software developers as they create applications. It processes logs of activity and is embedded into many systems, including those in use in adult social care. It is highly likely that most, if not all, IT and digital systems used by adult social care providers will be affected.
The ultimate concern is that attackers may seek to use the vulnerability in Log4j2 to encrypt or damage your digital systems, such as your digital care plans. Furthermore, after gaining access confidential sensitive or financial data can be stolen and potentially sold on-line. Cyber attackers could also hold you to ransom in what is known as a ‘ransomware attack’.
Notify your IT team or the person responsible for IT, and ensure actions are taken.
NHSX suggests the following:
NHSX also strongly encourages you to use this alert to review your continuity plans, run a data back-up, and consider purchasing cyber insurance, if you have not done any of those recently.Back to News