The well-known Community Health Systems, Inc. (CHSI) data breach that compromised 4.5 million patients’ data was a result of the OpenSSL Heartbleed vulnerability, says information security firm TrustedSec.
TrustedSec said in a blog post that the hackers stole CHSI user credentials using the Heartbleed vulnerability on a CHS Juniper [Networks] device back in the spring. Once they had those credentials, they were able to log on to the CHSI virtual private network (VPN) and dig into the organization’s network to eventually access the 4.5 million-patient database. Note that CHSI has not confirmed that Heartbleed was the source of the breach.
The TrustedSec blog post maintained that this was the only known instance of the Heartbleed bug being the initial culprit for a data breach. Once news came out in the spring that Cisco and Juniper Networks both had found the Heartbleed bug in various networking products, breaches such as the one CHSI endured were the major fear back in April. Because network devices and machines controlling firewalls and virtual private networks (VPNs) could potentially be exposed, these concerns were well-founded.