
Heartbleed causes massive hospital cyber breach

Washington - Hackers who stole the personal data of about 4.5 million patients of hospital group Community Health Systems broke into the company's computer system by exploiting the "Heartbleed" internet bug, making it the first known large-scale cyber attack using the flaw, according to a security expert.

The hackers, taking advantage of the pernicious vulnerability that surfaced in April, got into the system by using the Heartbleed bug in equipment made by Juniper Networks, David Kennedy, chief executive of TrustedSec LLC, said on Wednesday.

Kennedy said that multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system.

Community Health Systems said on Monday that the attack had originated in China.

Kennedy, who testified before the US Congress on security flaws in the healthcare.gov website that Americans use to sign up for Obamacare health insurance programmes, said the hospital operator uses Juniper's equipment to provide remote access to employees through a virtual private network, or VPN.

No trace

The hackers used stolen credentials to log into the network posing as employees, Kennedy said. Once in, they hacked their way into a database and stole millions of social security numbers and other records, he said.

Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data centre software and telecommunications equipment.

It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace.

Community Health Systems, one of the biggest US hospital groups, said the information stolen included patient names, addresses, birth dates, phone numbers and social security numbers of people who were referred or received services from doctors affiliated with the company over the last five years.

Representatives of Community Health Systems could not be reached for comment outside regular US business hours. A Juniper spokesperson said she had no immediate comment.

A spokesperson for FireEye's Mandiant forensics unit, which is leading the investigation into the breach, declined to comment.

Canada's tax-collection agency said in April that the private information of about 900 people had been compromised after hackers exploited the Heartbleed bug.
