It has been a while since the Heartbleed bug got publicly know and went trough every media type, about four months and you would expect critical systems to be patched by now. After all, pretty much every manufacturer and software developer rushed out with a fix to their system. It however seems that some government employed backwater system administrator somewhere doesn’t have access to any form of news.
Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data centre software and telecommunications equipment. It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace.
Hackers made off with personal data of about 4.5 million patients of the hospital group Community Health Systems Inc, one of the biggest groups in the US. They broke into the system using the Heartbleed bug and made away with their database without leaving a trace. This is the first publicly known large-scale cyber attack using the Heartbleed exploit.
The hackers got into the system by using the Heartbleed bug in equipment made by Juniper Networks Inc, said David Kennedy, chief executive of TrustedSec LLC, Multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system. Community Health Systems said on Monday that the attack had originated in China.
Community Health Systems, said the information stolen included patient names, addresses, birth dates, phone numbers and social security numbers of people who were referred or received services from doctors affiliated with the company over the last five years.
Thank you Reuters for providing us with this information.
Images courtesy of Businessinsider.