News

Hospital data breach biggest yet to exploit Heartbleed bug

Hospital data breach biggest yet to exploit Heartbleed bug

HEARTBLEED: Community Health Systems, one of the biggest U.S. hospital groups, said the information stolen included patient names, addresses, birth dates, phone numbers and social security numbers of people who were referred or received services from doctors affiliated with the company over the last five years. Photo: Reuters

By Jim Finkle and Supriya Kurane

(Reuters) – Hackers who stole the personal data of about 4.5 million patients of hospital group Community Health Systems Inc broke into the company’s computer system by exploiting the “Heartbleed” internet bug, making it the first known large-scale cyber attack using the flaw, according to a security expert.

The hackers, taking advantage of the pernicious vulnerability that surfaced in April, got into the system by using the Heartbleed bug in equipment made by Juniper Networks Inc, David Kennedy, chief executive of TrustedSec LLC, told Reuters on Wednesday.

Kennedy said that multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system.

Community Health Systems said on Monday that the attack had originated in China.

Kennedy, who testified before the U.S. Congress on security flaws in the healthcare.gov website that Americans use to sign up for Obamacare health insurance programs, said the hospital operator uses Juniper’s equipment to provide remote access to employees through a virtual private network, or VPN.

The hackers used stolen credentials to log into the network posing as employees, Kennedy said. Once in, they hacked their way into a database and stole millions of social security numbers and other records, he said.

Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data center software and telecommunications equipment.

It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace.

Community Health Systems, one of the biggest U.S. hospital groups, said the information stolen included patient names, addresses, birth dates, phone numbers and social security numbers of people who were referred or received services from doctors affiliated with the company over the last five years.

Representatives of Community Health Systems could not be reached for comment outside regular U.S. business hours. A Juniper spokeswoman said she had no immediate comment.

A spokesman for FireEye Inc’s Mandiant forensics unit, which is leading the investigation into the breach, declined to comment.

Canada’s tax-collection agency said in April that the private information of about 900 people had been compromised after hackers exploited the Heartbleed bug.

(Reporting by Jim Finkle in Boston and Supriya Kurane in Bangalore; Editing by Gopakumar Warrier and Ted Kerr)

Recent Headlines

in National

Amanda Knox murder conviction overturned

FILE - In this Jan. 31, 2014, file photo, Amanda Knox prepares to leave the set following a television interview in New York. Knox is engaged to Colin Sutherland, a musician who recently moved to Seattle from New York, a person close to the Knox family confirmed for The Associated Press. Knox’s murder conviction in the 2007 stabbing of her roommate has been reinstated by an Italian court, but the former college exchange student maintains her innocence and vows she won’t willingly go back to Italy. Both Knox and Sutherland are 27. No wedding date had been set.

Italy's highest court has overturned the murder conviction against Amanda Knox, bringing to a definitive end the high-profile case.

in National

Time for Iran to make tough decisions in nuclear talks

In this March 26, 2015, photo, Iranian Foreign Minister Mohammad Javad Zarif, center, leaves a meeting with U.S. Secretary of State John Kerry and other U.S. officials at a hotel in Lausanne, Switzerland. U.S. and Iranian diplomats gather at a Baroque palace in Europe, a historic nuclear agreement within reach. Over Iraq’s deserts, their militaries fight a common foe. Leaders in Washington and Tehran, capitals once a million miles from each other in ideological terms, wrestle for the first time in decades with the notion of a rapprochement.

Six world powers and Iran move closer to a deal, but there are still major disagreements.

in Sports

This week’s top sports shots

AP564917773040_12

A look at some of the biggest plays and best photos in sports this week.

in Sports

This weekend’s sports schedule

playball

A look at some of this weekend's biggest sporting events.

in National

Making headlines this week

AP193442892434_0

A look at some of the week's biggest headlines and the stories you may have missed.