AAPL Stock: 117.81 ( -0.22 )

Printed from

Heartbleed suspected to be point of entry for CMS records breach

updated 05:15 pm EDT, Wed August 20, 2014

OpenSSL vulnerability the first attack vector, occured shortly after bug announced

Security firm TrustedSec says that it learned how hackers were able to obtain records from Community Health Systems (CHS). According to a statement released by the firm yesterday, the initial attack occurred through an OpenSSL vulnerability. An anonymous source tied to the investigation told the company that Heartbleed, a vulnerability that has made headlines in recent history, is to blame for the breach.

CHS recently reported in a filing to the United States Securities and Exchange Commission that it was the target of data theft from April to July. While the company was eventually able to halt the transfer of data, it was found that hospital patient records including names, addresses and Social Security numbers for 4.5 million patients were stolen. Details on the method and type of attack were unknown, other than to say a Chinese group was responsible.

TrustedSec states that it received the first details on the breach from an anonymous source close to the case. The source told the firm that attacking OpenSSL through the Heartbleed bug was the "initial attack vector," which would allow the attackers to gain complete access to the system afterward. Credentials were obtained through the memory on a CHS Juniper device.

David Kennedy, the founder of TrustedSec, spoke with Bloomberg about the attack, adding that there was no proof prior to the information leak that CHS systems were attacked. Bloomberg reached out to CHS about the Heartbleed bug as the access entry point, but spokeswoman Tomi Galin declined to comment.

The CHS system was accessed about a week after Heartbleed was announced, but before the company was able to patch its systems. TrustedSec says that this is the "first confirmed breach of its kind" that is tied to Heartbleed as the first wave of attack.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented