ECP's cyber security team has released the following statement related to a widely-reported cybersecurity vulnerability:
ECP is aware of the widely-reported vulnerability CVE-2021-44228 Log4j. We believe that our customers are not vulnerable due to their use of ECP and that no customer action is required in relation to use of ECP. We will continue to monitor the situation closely.
We have completed an analysis and concluded that our production clinical environment is not using a vulnerable version of Log4j. We identified certain non-production environments which required mitigation, which was completed successfully. To date, our analysis has not identified any compromise of our systems or any data breaches prior to the patching of those systems.
We identified certain non-clinical environments which required mitigation, which was completed successfully. To date, our analysis has not identified any compromise of our systems or any data breaches prior to the patching of those systems.
In addition to the steps above, ECP has worked with our production hosting environment to ensure that our hosting environment has taken network-level steps to mitigate any risks associated with this vulnerability, including the use of an IPS (Intrusion Prevention System).
ECP is deeply committed ensuring the cybersecurity of its customers and their data. Please reach out to support@ecp123.com with any questions.