The well-known Community Health Systems, Inc. (CHSI) data breach that compromised 4.5 million patients’ data was a result of the OpenSSL Heartbleed vulnerability, says information security firm TrustedSec.
TrustedSec said in a blog post that the hackers stole CHSI user credentials using the Heartbleed vulnerability on a CHS Juniper [Networks] device back in the spring. Once they had those credentials, they were able to log onto the CHSI virtual private network (VPN) and dig into the organization’s network to eventually access the 4.5 million-patient database. Note that CHSI has not confirmed that Heartbleed was the source of the breach.
The time between 0-day (the day Heartbleed was released) and patch day (when Juniper issued its patch) is the most critical time for an organization, when monitoring and detection become essential elements of its security program. Having the ability to detect and respond to an attack when it happens is key to enacting incident response and mitigating the threat quickly.
The TrustedSec blog post maintained that this was the only known instance of the Heartbleed bug being the initial culprit for a data breach. Once news came out in the spring that Cisco and Juniper Networks both had found the Heartbleed bug in various networking products, breaches such as the one CHSI endured were the major fear back in April. Because network devices and machines controlling firewalls and virtual private networks (VPN) could be potentially exposed, these concerns were well-founded.