Further details are emerging on the massive data breach at US hospital operator Community Health Systems (CHS) that saw around 4.5 million patient records leaked.
Security vendor TrustedSec claimed yesterday that the "Heartbleed" in the open source OpenSSL cryptographic library was to blame for the data breach.
According to what TrustedSec says is a "trusted and anonymous source close to the CHS investigation", the attackers obtained credentials from an unspecified vulnerable Juniper device on the hospital provider's network.
With the credentials, the attackers were able to log in through a virtual private network (VPN) connection, and access the CHS network and patient database.
Network equipment vendor Juniper has acknowledged that several of its products are vulnerable to Heartbleed, which permits attackers to siphon off data in memory unnoticed.
The company issued updates for its products three weeks' after the Heartbleed vulnerability was disclosed.
Many network devices around the world remain unpatched to the Heartbleed vulnerability, as vendors have been slow to issue patches or customers have not applied them in a timely fashion.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Private AI vs Public AI: How your organisation can securely adopt AI without compromise and excessive cost
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
