Heartbleed Associated with Community Health Systems Data Breach
It was recently reported that Community Health Systems suffered a data breach, resulting in the loss of patient names, addresses, birthdates, telephone numbers, and Social Security numbers of 4.5 million individuals. Security experts at the time noted that malware was used to attack systems, and while that still seems to be true, it looks like the major security flaw known as Heartbleed is partially to blame for allowing Chinese hackers to circumvent security measures. According to David Kennedy, the founder of TrustedSec LLC, hackers were able to make use of the Heartbleed flaw in order to steal usernames and passwords, which then gave them access to private communications channels within Community Health Systems. Although Kennedy is not involved with the ongoing investigation in any way, he has noted that the information linking Heartbleed to the stolen data comes from three people close to the matter.
If Heartbleed is in fact connected to the data breach that Community Health Systems recently suffered, it will be the first known breach of a company by use of the vulnerability.