³Ô¹ÏÍøÕ¾

Cybersecurity vulnerabilities – Apache Log4j

TGA

The Australian Cyber Security Centre (ACSC) has .

The TGA is aware of a critical cybersecurity vulnerability in Apache’s Log4j software library, versions 2.0-beta9 through to 2.16.0. Log4j is an open-source tool used widely across a multitude of services, applications, websites, and systems, at both consumer and enterprise levels, to log system information. There is currently widespread and active malicious exploitation of this vulnerability across multiple industries.

As such, there may be risks relating to compromise or unavailability of:

  • medical devices and healthcare delivery (including to cloud-based services)
  • privacy of proprietary and patient information
  • therapeutic goods manufacturing systems
  • QMS/GMP management systems
  • supply chains.

The TGA recommends and encourages healthcare delivery organisations, therapeutic goods sponsors and manufacturers to review and implement this guidance in order to mitigate and detect exploitation of this vulnerability. Additionally, the US Cybersecurity & Infrastructure Security Agency is .

Actions that can be taken to mitigate vulnerabilities

The TGA reminds manufacturers that they must assess whether they are affected by this vulnerability, evaluate risk, and implement mitigations and remediations including providing information to users of their devices.

/Public Release. View in full .