
Hostwinds Blog


Was Heartbleed Used to Steal Medical Data?

by: Bryon Turcotte  /  August 22, 2014

According to an article recently published on the Mashable website, a suspected Chinese hacker group reported to have stolen approximately "4.5 million patient records from an American hospital network" may have orchestrated this attack via the Heartbleed exploit. The article indicates that this is "the first time the bug has been reported to be at the center of a high-profile breach." According to the Mashable report, the attackers breached "a device that had not been patched to fix the Heartbleed bug to steal user credentials." Then, at a later time, the hackers used this data to gain access to the Community Health Systems (CHS) network, where the "names, addresses, birth dates, telephone numbers, and social security numbers" of patients were extracted, as noted by security experts quoted in the report.

Dave Kennedy, CEO of the security firm TrustedSec, which is not involved in the breach investigation, was quoted in the article as saying, "This is the first confirmed breach of its kind where the Heartbleed bug is the known initial attack vector." Kennedy authored a blog post which contained "information obtained from a trusted and anonymous source close to the CHS investigation," according to the article. The article notes that, per Kennedy's comments, the attackers gained entrance through a "CHS Juniper device that had not been immediately patched after the Heartbleed bug was disclosed in April," which enabled them to obtain "user credentials from the device's memory." Once this was accomplished, according to the article, the hackers gained access to the system through a Virtual Private Network (VPN), a tool that allows an individual to connect remotely.

The report indicates that FireEye, the security firm retained to conduct the investigation, has released no detailed information regarding the breach. However, Mike Lennon of SecurityWeek, a cybersecurity trade publication, was quoted in the article as saying, "The facts support claims that Heartbleed could have been what enabled attackers to run off with the personal information on 4.5 million individuals," outlining that "a previously disclosed attack," according to the presented findings, "seems to match the one that was publicized this week by CHS."

Read more about this attack in the full article at Mashable and learn how investigators deal with this historic breach and theft of private information.
