Further details are emerging on the massive data breach at US hospital operator Community Health Systems (CHS) that saw around 4.5 million patient records leaked.
Security vendor TrustedSec claimed yesterday that the "Heartbleed" in the open source OpenSSL cryptographic library was to blame for the data breach.
According to what TrustedSec says is a "trusted and anonymous source close to the CHS investigation", the attackers obtained credentials from an unspecified vulnerable Juniper device on the hospital provider's network.
With the credentials, the attackers were able to log in through a virtual private network (VPN) connection, and access the CHS network and patient database.
Network equipment vendor Juniper has acknowledged that several of its products are vulnerable to Heartbleed, which permits attackers to siphon off data in memory unnoticed.
The company issued updates for its products three weeks' after the Heartbleed vulnerability was disclosed.
Many network devices around the world remain unpatched to the Heartbleed vulnerability, as vendors have been slow to issue patches or customers have not applied them in a timely fashion.
