Home / / Hospital hack said to be Heartbleed

Hospital hack said to be Heartbleed

Recent US hospital breach said to be biggest yet to exploit Heartbleed bug

Hospital hack said to be Heartbleed
Attack is the first known large-scale cyber-attack using the Heartbleed bug.

Hackers who stole the personal data of 4.5m patients of hospital group Community Health Systems Inc, broke into the company's computer system by exploiting the "Heartbleed" internet bug, making it the first known large-scale cyber-attack using the flaw, according to Reuters citing a security expert.

David Kennedy, chief executive of TrustedSec LLC, said that multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system.

Kennedy, who testified before the US Congress on security flaws in the healthcare.gov said the hospital operator uses Juniper's equipment to provide remote access to employees through a virtual private network.

The hackers used stolen credentials to log into the network posing as employees, Kennedy said. They then hacked their way into a database and stole millions of social security numbers and other records.

The Heartbleed bug, which was discovered in April this year is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data centre software and telecommunications equipment.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.