Heartbleed behind massive healthcare data breach

By

Juniper device was vulnerable.

Further details are emerging on the massive data breach at US hospital operator Community Health Systems (CHS) that saw around 4.5 million patient records leaked.

Heartbleed behind massive healthcare data breach

Security vendor TrustedSec claimed yesterday that the "Heartbleed" in the open source OpenSSL cryptographic library was to blame for the data breach.

According to what TrustedSec says is a "trusted and anonymous source close to the CHS investigation", the attackers obtained credentials from an unspecified vulnerable Juniper device on the hospital provider's network.

With the credentials, the attackers were able to log in through a virtual private network (VPN) connection, and access the CHS network and patient database. 

Network equipment vendor Juniper has acknowledged that several of its products are vulnerable to Heartbleed, which permits attackers to siphon off data in memory unnoticed.

The company issued updates for its products three weeks' after the Heartbleed vulnerability was disclosed.

Many network devices around the world remain unpatched  to the Heartbleed vulnerability, as vendors have been slow to issue patches or customers have not applied them in a timely fashion.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?