U.S. hospital breach biggest yet to exploit Heartbleed bug – expert




Whatsapp News

U.S. hospital breach biggest yet to exploit Heartbleed bug - expertHackers who stole the personal data about 4.5 million patients hospital group Community Systems Inc broke into the company’s computer system by exploiting the “Heartbleed” internet bug, making it the first known large-scale cyber attack using the flaw, according to a security .

The hackers, taking advantage the pernicious vulnerability that surfaced in April, got into the system by using the Heartbleed bug in equipment made by Juniper Networks Inc, David Kennedy, chief executive TrustedSec LLC, told Reuters on Wednesday.

Kennedy said that multiple sources familiar with the into the attack had confirmed that Heartbleed had given the hackers access to the system.

Community Systems said on that the attack had originated in China.

Kennedy, who testified before the .S. on security flaws in the healthcare.gov website that Americans use to sign for Obamacare insurance programs, said the hospital operator uses Juniper’s equipment to provide remote access to employees through a virtual private network, or VPN.

The hackers used stolen credentials to log into the network posing as employees, Kennedy said. Once in, they hacked their way into a database and stole millions security numbers and other records, he said. [eap_ad_2] Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and products including mobile phones, data center software and telecommunications equipment.

It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace.

Community Health Systems, one of the biggest .S. hospital groups, said the information stolen included patient names, addresses, birth dates, phone numbers and security numbers of people who were referred or received services from doctors affiliated with the company over the last five years.

Representatives of Community Health Systems could not be reached for comment outside regular .S. business hours. A Juniper spokeswoman said she had no immediate comment.

A spokesman for FireEye Inc’s Mandiant forensics unit, which is leading the into the breach, declined to comment.

Canada’s tax-collection agency said in April that the private information of about 900 people had been compromised after hackers exploited the Heartbleed bug. (Reuters)[eap_ad_3]