Hospital hack said to be Heartbleed
Recent US hospital breach said to be biggest yet to exploit Heartbleed bug
Hackers who stole the personal data of 4.5m patients of hospital group Community Health Systems Inc, broke into the company's computer system by exploiting the "Heartbleed" internet bug, making it the first known large-scale cyber-attack using the flaw, according to Reuters citing a security expert.
David Kennedy, chief executive of TrustedSec LLC, said that multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system.
Kennedy, who testified before the US Congress on security flaws in the healthcare.gov said the hospital operator uses Juniper's equipment to provide remote access to employees through a virtual private network.
The hackers used stolen credentials to log into the network posing as employees, Kennedy said. They then hacked their way into a database and stole millions of social security numbers and other records.
The Heartbleed bug, which was discovered in April this year is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data centre software and telecommunications equipment.