If any critical security issues arise, we may comment about the impact to Redox below. The announcements are sorted by date, with the most recent announcement at the top of this page.
February 27th, 2024
Change Healthcare, part of Optum and United Health Group, was affected by a cyber security event. Change Healthcare shut down parts of their network to contain the incident.
This security event impacted a small subset of Redox connections. These connections were taken offline and will remain offline until Optum confirms that security has been restored. Impacted Redox customers have been contacted directly, and we'll continue to keep them informed as connections are brought back online.
See the official comment release.
December 14th, 2021
With regard to the recently disclosed "Log4Shell" vulnerability in the Apache Log4j project (CVE-2021-44228): Redox has been reviewing our environment to identify any hosts, services, or third-party components that had the potential to be vulnerable.
In summary, Redox has not been impacted by the Log4j vulnerability.
In detail:
- Once the vulnerability was publicly disclosed, Redox promptly began an audit of our software and infrastructure, and engaged with third-party software vendors to identify potential exposure.
- Redox doesn't use Log4j or Log4j2 in our development stack.
- We have audited third-party software in our production environment. After review, we don't believe components utilizing Log4j or Log4j2 are vulnerable. In line with our vulnerability and change management procedures, and out of an abundance of caution, we're updating these components to new versions.
- We have also audited our log systems and found no successful attempts to leverage the vulnerability.
Redox’s security team will continue to monitor our environment to help ensure the CVE-2021-44228 vulnerability is fully addressed and does not impact our customers’ data.