Hackers Exploited Heartbleed Bug to Steal Patient Data from Community Health Systems

Tuesday, August 19, 2014

Mike Lennon


(SecurityWeek) - Earlier this week, Community Health Systems, one of the largest hospital operators in the United States, announced that hackers managed to steal the records of 4.5 million patients.

FireEye-owned Mandiant, known for investigating high-profile breaches, was hired to investigate the incident and believes the attack was the work of a Chinese advanced persistent threat (APT) group.

While no technical details of the attack had previously been disclosed, information security firm TrustedSec, citing sources familiar with the incident, said on Tuesday that the initial attack vector was through the infamous “Heartbleed” vulnerability in OpenSSL, which provided the attackers a way in, eventually resulting in the compromise of patient data.

Analysis by SecurityWeek shows the claims made by TrustedSec match up well to previously shared details from an attack that SecurityWeek reported on earlier this year, which leveraged the Heartbleed bug to bypass two-factor authentication and hijack user sessions.

Read the Full Story at SecurityWeek



Possibly Related Articles:
HIPAA Enterprise Security Breaches CVE Vulnerabilities
Information Security
VPN breach vulnerability Mandiant Heartbleed Community Health Systems
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.