News

Hospital data breach biggest yet to exploit Heartbleed bug

Hospital data breach biggest yet to exploit Heartbleed bug

HEARTBLEED: Community Health Systems, one of the biggest U.S. hospital groups, said the information stolen included patient names, addresses, birth dates, phone numbers and social security numbers of people who were referred or received services from doctors affiliated with the company over the last five years. Photo: Reuters

By Jim Finkle and Supriya Kurane

(Reuters) – Hackers who stole the personal data of about 4.5 million patients of hospital group Community Health Systems Inc broke into the company’s computer system by exploiting the “Heartbleed” internet bug, making it the first known large-scale cyber attack using the flaw, according to a security expert.

The hackers, taking advantage of the pernicious vulnerability that surfaced in April, got into the system by using the Heartbleed bug in equipment made by Juniper Networks Inc, David Kennedy, chief executive of TrustedSec LLC, told Reuters on Wednesday.

Kennedy said that multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system.

Community Health Systems said on Monday that the attack had originated in China.

Kennedy, who testified before the U.S. Congress on security flaws in the healthcare.gov website that Americans use to sign up for Obamacare health insurance programs, said the hospital operator uses Juniper’s equipment to provide remote access to employees through a virtual private network, or VPN.

The hackers used stolen credentials to log into the network posing as employees, Kennedy said. Once in, they hacked their way into a database and stole millions of social security numbers and other records, he said.

Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data center software and telecommunications equipment.

It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace.

Community Health Systems, one of the biggest U.S. hospital groups, said the information stolen included patient names, addresses, birth dates, phone numbers and social security numbers of people who were referred or received services from doctors affiliated with the company over the last five years.

Representatives of Community Health Systems could not be reached for comment outside regular U.S. business hours. A Juniper spokeswoman said she had no immediate comment.

A spokesman for FireEye Inc’s Mandiant forensics unit, which is leading the investigation into the breach, declined to comment.

Canada’s tax-collection agency said in April that the private information of about 900 people had been compromised after hackers exploited the Heartbleed bug.

(Reporting by Jim Finkle in Boston and Supriya Kurane in Bangalore; Editing by Gopakumar Warrier and Ted Kerr)

Recent Headlines

31 mins ago in Local

Bellingham charter service to add “beer tour”

Fresh
beer

Tours start June 12th.

19 hours ago in Local

Members of State’s Congressional delegation asks Boeing to reconsider servicing Iran

A Boeing 737 painted with the new logo and livery of Alaska Airlines is shown, Monday, Jan. 25, 2016, before its unveiling at an employee event in Seattle. (AP Photo/Ted S. Warren)

Three members of our State's Congressional delegation...Dave Reichert, Cathy McMorris-Rogers and Dan Newhouse have contacted the presidents of Boeing and Airbus asking them to halt or reconsider potential sales of airplane parts and other aircraft-related services to Iran.

20 hours ago in Local

School kids across the state are “feeling the Bern,” voting for Sanders in mock primary

bernie-sanders-portrait-03

The State's MOCK Presidential Primary... where K-12 students across the state cast their ballots... showed Bernie Sanders with a commanding lead.

20 hours ago in Local

Washington’s wildfire season off to an abrupt and early start

A line of fire snakes along a hillside at dusk Friday, July 18, 2014, in Winthrop, Wash. A fire racing through rural north-central Washington destroyed about 100 homes, leaving behind smoldering rubble, solitary brick chimneys and burned-out automobiles as it blackened hundreds of square miles. Friday's dawn revealed dramatic devastation, with the Okanagan County town of Pateros, home to 650 people, hit especially hard.

Fire officials say they were surprised to see wildfires burning this early west of the Cascades, particularly one that burned nearly 300 acres. The blazes fueled worries about what lies ahead.

20 hours ago in Local

6 year old girl rushed to hospital after falling from moving car in Lynnwood

hospital

The girl apparently fell out of the car as it was making a turn from a parking lot.