Printed from http://www.electronista.com

Heartbleed suspected to be point of entry for CMS records breach

updated 05:15 pm EDT, Wed August 20, 2014

OpenSSL vulnerability the first attack vector, occured shortly after bug announced

Security firm TrustedSec says that it learned how hackers were able to obtain records from Community Health Systems (CHS). According to a statement released by the firm yesterday, the initial attack occurred through an OpenSSL vulnerability. An anonymous source tied to the investigation told the company that Heartbleed, a vulnerability that has made headlines in recent history, is to blame for the breach.

CHS recently reported in a filing to the United States Securities and Exchange Commission that it was the target of data theft from April to July. While the company was eventually able to halt the transfer of data, it was found that hospital patient records including names, addresses and Social Security numbers for 4.5 million patients were stolen. Details on the method and type of attack were unknown, other than to say a Chinese group was responsible.

TrustedSec states that it received the first details on the breach from an anonymous source close to the case. The source told the firm that attacking OpenSSL through the Heartbleed bug was the "initial attack vector," which would allow the attackers to gain complete access to the system afterward. Credentials were obtained through the memory on a CHS Juniper device.

David Kennedy, the founder of TrustedSec, spoke with Bloomberg about the attack, adding that there was no proof prior to the information leak that CHS systems were attacked. Bloomberg reached out to CHS about the Heartbleed bug as the access entry point, but spokeswoman Tomi Galin declined to comment.

The CHS system was accessed about a week after Heartbleed was announced, but before the company was able to patch its systems. TrustedSec says that this is the "first confirmed breach of its kind" that is tied to Heartbleed as the first wave of attack.



By Electronista Staff
toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Patriot Supersonic Rage XT 128GB USB drive

USB memory sticks are getting larger by the day, their growth speeding along with the availability and expansion of memory chips. But ...

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

Sponsor

toggle

Most Commented

 
toggle

Popular News