Printed from http://www.electronista.com

Heartbleed suspected to be point of entry for CMS records breach

updated 05:15 pm EDT, Wed August 20, 2014

OpenSSL vulnerability the first attack vector, occurred shortly after bug announced

Security firm TrustedSec says that it learned how hackers were able to obtain records from Community Health Systems (CHS). According to a statement released by the firm yesterday, the initial attack occurred through an OpenSSL vulnerability. An anonymous source tied to the investigation told the company that Heartbleed, a vulnerability that has made headlines in recent history, is to blame for the breach.

CHS recently reported in a filing to the United States Securities and Exchange Commission that it was the target of data theft from April to July. While the company was eventually able to halt the transfer of data, it was found that hospital patient records including names, addresses and Social Security numbers for 4.5 million patients were stolen. Details on the method and type of attack were unknown, other than that a Chinese group was said to be responsible.

TrustedSec states that it received the first details on the breach from an anonymous source close to the case. The source told the firm that attacking OpenSSL through the Heartbleed bug was the "initial attack vector," which would allow the attackers to gain complete access to the system afterward. Credentials were obtained from the memory of a CHS Juniper device.

David Kennedy, the founder of TrustedSec, spoke with Bloomberg about the attack, adding that there was no proof prior to the information leak that CHS systems were attacked. Bloomberg reached out to CHS about the Heartbleed bug as the access entry point, but spokeswoman Tomi Galin declined to comment.

The CHS system was accessed about a week after Heartbleed was announced, but before the company was able to patch its systems. TrustedSec says that this is the "first confirmed breach of its kind" that is tied to Heartbleed as the first wave of attack.



By Electronista Staff