Millions of patients’ data hacked in “first confirmed” Heartbleed heist
Community Health Systems (CHS) Inc. has become the latest U.S. institution to come forward about falling victim to Chinese hackers after admitting in an SEC filing last week that personally identifiable information about millions of patients was stolen over the course of two separate attacks in April and June.
An investigation conducted on behalf of the hospital giant by FireEye Inc. subsidiary Mandiant has concluded that the level of sophistication and modus operandi behind the breaches points to an “Advanced Persistent Threat” group based in China, according to the document. The firm, which rose to prominence in 2013 after directly implicating the People’s Liberation Army in a separate case of cyberespionage, conceded that intellectual property is typically the target in these kinds of attacks but nonetheless stands by its findings.
CHS said that the intruders had gotten away with data belonging to as many as 4.5 million patients who have gone through its system in the past five years. The company divulged that the stolen trove contained names, addresses, social security numbers and all manner of other sensitive details but claimed an internal examination “confirmed” no credit card or medical information fell into the hands of the attackers, which should come as some relief to the affected users.
The filing doesn’t disclose much more than that, but a blog post from TrustedSec LLC published a day after the breach fills in some of the gaps. The security consultancy cites a “trusted and anonymous source close to the CHS investigation” as saying that the hackers exploited the notorious Heartbleed vulnerability in the widely used OpenSSL cryptography library to compromise a device from Juniper Networks Inc. used in the company’s IT environment. The bug allowed the assailants to successfully lift login credentials for CHS’s virtual private network (VPN) off the appliance, TrustedSec goes on to write, and the rest was cake from there.
The firm points to the incident as the first confirmed breach where Heartbleed was used as the initial attack vector, but ominously adds that “there are sure to be others out there.” If its data is accurate, then we can expect the now supposedly “mostly fixed” Heartbleed to continue making headlines in the coming weeks and months.