Aug 20, 2014 01:00 PM EDT
Community Health Systems Breach Biggest Ever to Exploit Heartbleed Bug

Hackers who took the personal information of around 4.5 million patients of hospital group Community Health Systems Inc. broke into the company's computer system by exploiting the "Heartbleed" internet bug, making it the first known large cyber-attack using the flaw, according to a security expert who spoke with Reuters.

The hackers took advantage of the pernicious vulnerability that surfaced in April, got into the system by using the Heartbleed bug in equipment made by Juniper Networks Inc, said David Kennedy, chief executive of TrustedSec LLC, to Reuters this week.

Kennedy confirmed that a number of sources familiar with the investigation into the attack confirmed that Heartbleed provided hackers access to the system.

Community Health Systems said on Aug. 18 that the attack originated in China.

Kennedy testified before the U.S. Congress on security flaws in the healthcare.gov website that people in the U.S. use to sign up for Obamacare health insurance programs. He added that the hospital operator uses Juniper's equipment to provide remote access to employees through a virtual private network (VPN).

The hackers used stolen credentials to log into the network pretending to be employees, Kennedy confirmed. Once they got in, they hacked their way into a database and stole millions of social security numbers and other data.

Heartbleed is a major bug in OpenSSL encryption software that is used to secure websites and technology products like data center software, telecommunications, and mobile phones.

It makes systems vulnerable to data theft by hackers who can attack without anyone knowing about it, according to Reuters.

Community Health Systems is one of the biggest hospital groups in the U.S. It said the information stolen included patient names, social security numbers, birth dates, addresses and phone numbers of people who were referred or received services from doctors affiliated with the company since 2009.

A spokesman for FireEye Inc's Mandiant forensics unit, which is leading the investigation into the breach, has not commented publicly yet regarding the news.

At least 900 people had their information stolen back in April after hackers exploited the Heartbleed bug, according to Canada's tax-collection agency.

See Now: OnePlus 6: How Different Will It Be From OnePlus 5?

 PREVIOUS POST
NEXT POST 

EDITOR'S PICK    

Hyundai to Invest $16.1 Billion for EV Business; Sets Annual Sales Goal of 1.87M Electric Cars by 2030

World's Most Expensive and Most Heavily-optioned Porsche 928 GTS is Coming Home to the U.S.

Major Boost as Tesla Giga Berlin Facility in Final Phase of Approval Process; Delivery Event Set This Month

Audi Looking for e-tron Electric Vehicles to Spur Car Brand's Growth in India in 2022

Toyota Offers Free EV Charging to Owners of 2023 bZ4X After Partnership Agreement with EVgo

2022 Suzuki Baleno Finally Unveiled in India: What are the Specs and Features of this City Car?