News Flash: What You Need to Know About Protection from Log4j Hacks
The Quick Answer
No. “We’re on top of this,” says Jesse Salmon, head of Kareo’s cyber security. “We carefully reviewed all of our software source code the moment we learned of the threat, and have verified that our systems are not vulnerable. We are confident that Kareo users are safe.” Take a big sigh of relief! To learn more about the flaw and Kareo’s speedy response, read on.
What is Log4j?
Log4j is a software library commonly used by developers, touching virtually every part of the Internet. Its extreme popularity is due, in part, to it being open-source; it can be freely distributed and modified without permission. In fact, it is often buried in code without the developer being aware of it. That’s what makes it so pernicious.
Why is it dangerous?
Hackers can use the Log4j flaw to run unauthorized code without the user’s knowledge or interaction. The flaw is critical because attackers can so easily use it to break into vulnerable systems. Also, exploitation is spreading very quickly. Experts believe that many large organizations have already been breached using the Log4j flaw, but they don’t realize it yet.
How is Kareo responding?
“Like every other tech company, we know that there’s always a risk of a security breach,” notes Salmon. “We just never know when or how an attack will happen – it’s basically a matter of time. So we’re constantly on the lookout for threats. The minute we learned about Log4j, even before it had a name, we mobilized our dedicated cyber security experts, development engineering and network operations teams. Users started calling us when news of the threat got out, and we were all ready to reassure them.”
How does Kareo approach cyber security?
The security and privacy of our systems are always top priorities at Kareo. Our cyber-security program includes industry-leading solutions to protect Kareo’s critical infrastructure, including sophisticated layers of security. In fact, the team has detected and blocked actual attacks in the past, and verified that there were no signs of compromise. Additional safeguards include a Next Generation Firewall, a Web Application Firewall (WAF) and endpoint security software, all of which are confirmed to block exploitation of the Log4j flaw.
Kareo also employs the detection services of a Security Operations Center, a third party that monitors Kareo’s networks and servers 24/7 for indicators of compromise. No signs of Log4j compromise have been detected or reported to date.
What about Kareo partners?
We work closely with our vendors and partners, proactively applying any software patches related to the Log4j flaw or other vulnerabilities. Kareo's security team remains vigilant to protect critical IT infrastructure and customers' data at all levels. Learn more about Log4j at the Wall Street Journal.