RALS System Security
For specific information on RALS system security, click here.
***********************************************************************************
Apache Log4j Library Vulnerability
On 10 Dec 2021 a vulnerability was discovered in the Apache Log4j library, versions 2.0.1 through, but not including, 2.15.0. This vulnerability is identified in the NIST database as CVE-2021-44228. ARDx Informatics has performed an analysis and confirmed that RALS does not reference this package and is not susceptible to this vulnerability.
Log4j is used by Mirth, but CVE-2021-44228 only affects Log4j versions < 2.15 (i.e. 2.0 - 2.14), which Mirth does not use. For a detailed description of the identified vulnerability, please refer to https://nvd.nist.gov/vuln/detail/CVE-2021-44228. No actions are necessary.
If you have any questions regarding this information or would like to upgrade, please contact us at rals.support@abbott.com.
To download a copy of this notification, click here.
***********************************************************************************
RALS 7.1.4 utilizes Mirth version 4.1.0
Upgrading Mirth separately from RALS is not supported at this time. Mirth version 4.4.1 will be included in RALS version 8.1.0.
Although Mirth 4.1.0 is susceptible to the vulnerability described in CVE-2023-43208, the default configuration for Mirth that is included with RALS mitigates exposure to the vulnerability in the following ways:
- The RALS application is deployed within a hospital's internal network and is not exposed to the public internet in any way, which limits exposure to potential exploitation.
- Mirth is configured to utilize a local virtual service account (NT SERVICE\<SERVICENAME>) instead of the SYSTEM account, which is the default account used by the Mirth install.
- Mirth is configured to utilize custom ports instead of the default 8080 and 8443. The ports utilized for Mirth are 49111 and 49112.
- The Windows Firewall on all RALS servers is configured to not allow inbound traffic on ports 49111 and 49112, which limits access to the Mirth web interface to local access only.
If you have any questions regarding this information or would like to upgrade, please contact us at rals.support@abbott.com.
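The mitigations listed above can be confirmed on a given RALS server with a read-only audit such as the following. This is an added example, not code supplied by ARDx Informatics or Abbott; the service name is the `<SERVICENAME>` placeholder from the notice and must be replaced with the Mirth service name on the server being checked.

```powershell
# Added example: read-only audit of the Mirth mitigations described in this notice.
# Assumption: $ServiceName is a placeholder for the Mirth service name on this server.
param(
    [string]$ServiceName = '<SERVICENAME>',
    [int[]]$MirthPorts   = @(49111, 49112)
)

# True when a firewall port spec ("49111", "49000-49200", ...) covers $Port.
function Test-PortInSpec([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# 1. Service identity: expect a virtual account (NT SERVICE\...), not LocalSystem.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found" }

# 2. Listeners: which of the custom Mirth ports are actually bound.
$listening = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $MirthPorts -contains $_.LocalPort } |
    Select-Object -ExpandProperty LocalPort -Unique)

# 3. Firewall: enabled inbound Allow rules that explicitly name a Mirth port.
#    Rules with LocalPort 'Any' (typically program-scoped) are not evaluated
#    here and need a manual review.
$exposing = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $filter = $rule | Get-NetFirewallPortFilter
    if ($filter.Protocol -notin 'TCP', 'Any') { continue }
    foreach ($p in $MirthPorts) {
        if (Test-PortInSpec $filter.LocalPort $p) { $rule.DisplayName; break }
    }
}

[pscustomobject]@{
    Service            = $svc.Name
    RunsAs             = $svc.StartName
    VirtualAccount     = $svc.StartName -like 'NT SERVICE\*'
    MirthPortsBound    = $listening -join ', '
    InboundAllowRules  = @($exposing) -join '; '
    FirewallMitigation = (@($exposing).Count -eq 0)
}
```

A server matching the configuration described in the notice reports `VirtualAccount` and `FirewallMitigation` as `True`; any rule names under `InboundAllowRules` are the ones opening 49111 or 49112 to the network.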