eHealth Exchange Hub
The eHealth Exchange Hub solution is managed and maintained by our InterSystems technology partner. InterSystems has provided this link to the current status of their vulnerability assessment efforts: https://www.intersystems.com/gt/apache-log4j2/.
The Hub is based on HealthShare Unified Care Record, which InterSystems has confirmed is not vulnerable. InterSystems continues to evaluate ancillary systems that are used internally in support of operations, and we expect further updates on those as more information becomes available.
eHealth Exchange Participant Directory
In terms of the Participant Directory, we have confirmed there is no impact.
eHealth Exchange Hub Dashboard
The Hub Dashboard is managed and maintained by Cognosante, another one of our technology partners. They have confirmed that the Apache Log4j Remote Code Execution Vulnerability does not apply to the Hub Dashboard, as the Dashboard’s architecture and technology are based on JavaScript and no part of the Dashboard uses Apache.
eHealth Exchange Integrated Testing Platform (ITP)
As a reminder, the ITP is utilized for the Sequoia Project Testing Programs including transport and content testing.
The ITP transport and security testing services have been restored with participants able to access the system fully. As the data was restored from backup and the systems were updated with remediated software, it may be the case that some additional configuration will be needed over the coming days. Please contact testing@sequoiaproject.org for any questions or issues. Organizations who are actively engaged with transport or security testing, can access the tooling at https://validation.sequoiaproject.org.
As reported on 12/16/2021, the Content Validation Service (gazellecontent.sequoiaproject.org) remains available and in service. The service was restored from backup as of December 2, 2021, and remediation applied. Content samples processed from December 2 to December 10 were also recovered from backup but are not present in the GUI.