Heartbleed behind massive healthcare data breach

By

Juniper device was vulnerable.

Further details are emerging on the massive data breach at US hospital operator Community Health Systems (CHS) that saw around 4.5 million patient records leaked.

Heartbleed behind massive healthcare data breach

Security vendor TrustedSec claimed yesterday that the "Heartbleed" in the open source OpenSSL cryptographic library was to blame for the data breach.

According to what TrustedSec says is a "trusted and anonymous source close to the CHS investigation", the attackers obtained credentials from an unspecified vulnerable Juniper device on the hospital provider's network.

With the credentials, the attackers were able to log in through a virtual private network (VPN) connection, and access the CHS network and patient database. 

Network equipment vendor Juniper has acknowledged that several of its products are vulnerable to Heartbleed, which permits attackers to siphon off data in memory unnoticed.

The company issued updates for its products three weeks' after the Heartbleed vulnerability was disclosed.

Many network devices around the world remain unpatched  to the Heartbleed vulnerability, as vendors have been slow to issue patches or customers have not applied them in a timely fashion.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

Log In

  |  Forgot your password?