View all newsletters
Receive our newsletter – data, insights and analysis delivered to you
  1. News
August 20, 2014updated 01 Oct 2021 7:29am

Hackers used Heartbleed bug to breach CHS data: TrustedSec

Hackers have reportedly used Heartbleed internet vulnerability to hack into the database of US-based hospitals group Community Health Systems.

Hack

Hackers have reportedly used Heartbleed internet vulnerability to hack into the database of US-based hospitals group Community Health Systems.

Information security firm TrustedSec said that the attackers used the bug in equipment made by Juniper to log into the computer system of the hospital.

TrustedSec said in a blog post that confirmation of the initial attack vector was obtained from a trusted and anonymous source close to the CHS investigation.

The company added that the attackers were able to glean user credentials from memory on a CHS Juniper device via the heartbleed vulnerability, and use them to log in via a VPN.

Discovered in the open-source encryption software OpenSSL in April, the Heartbleed bug leaves systems running on the widely-used cryptographic software library vulnerable. The bug has since been rectified.

If confirmed, the CHS hack would be the biggest data breach to have happened through Heartbleed. Previously this year, the database of Canada Revenue Agency was hacked and social insurance numbers of about 900 citizens were stolen from the website.

CHS said on Monday that its computer network was hacked in April and June by an ‘advanced persistent threat’ group believed to orginate from China.

The company said that the attacker was able to bypass the company’s security measures and copy and transfer certain data outside the company.

Details of approximately 4.5 million individuals were breached.

Data such as patient names, addresses, birthdates, telephone numbers and social security numbers, which is protected under the Health Insurance Portability and Accountability Act, was compromised.


Image: The data of 4.5 million individuals was breached in the CHS hack. Photo: courtesy of Salvatore Vuono at Freedigitalphotos.net.

Related Companies

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Get important industry news and analysis sent to your inbox
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU

Thank you for subscribing to Hospital Management