AAPL Stock: 110.38 ( + 0.8 )

Printed from

Heartbleed suspected to be point of entry for CMS records breach

updated 05:15 pm EDT, Wed August 20, 2014

OpenSSL vulnerability the first attack vector, occured shortly after bug announced

Security firm TrustedSec says that it learned how hackers were able to obtain records from Community Health Systems (CHS). According to a statement released by the firm yesterday, the initial attack occurred through an OpenSSL vulnerability. An anonymous source tied to the investigation told the company that Heartbleed, a vulnerability that has made headlines in recent history, is to blame for the breach.

CHS recently reported in a filing to the United States Securities and Exchange Commission that it was the target of data theft from April to July. While the company was eventually able to halt the transfer of data, it was found that hospital patient records including names, addresses and Social Security numbers for 4.5 million patients were stolen. Details on the method and type of attack were unknown, other than to say a Chinese group was responsible.

TrustedSec states that it received the first details on the breach from an anonymous source close to the case. The source told the firm that attacking OpenSSL through the Heartbleed bug was the "initial attack vector," which would allow the attackers to gain complete access to the system afterward. Credentials were obtained through the memory on a CHS Juniper device.

David Kennedy, the founder of TrustedSec, spoke with Bloomberg about the attack, adding that there was no proof prior to the information leak that CHS systems were attacked. Bloomberg reached out to CHS about the Heartbleed bug as the access entry point, but spokeswoman Tomi Galin declined to comment.

The CHS system was accessed about a week after Heartbleed was announced, but before the company was able to patch its systems. TrustedSec says that this is the "first confirmed breach of its kind" that is tied to Heartbleed as the first wave of attack.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Polk Hinge Wireless headphones

Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


Most Commented