Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Security Encryption

Heartbleed To Blame For Community Health Systems Breach 89

Posted by Soulskill
from the bet-you-wish-you'd-patched dept.
An anonymous reader writes: The Heartbleed vulnerability is the cause of the data breach at Community Health Systems, which resulted in 4.5 million records (containing patient data) being compromised. According to a blog post from TrustedSec, the attackers targeted a vulnerable Juniper router and obtained credentials, which allowed them access to the network's VPN.
This discussion has been archived. No new comments can be posted.

Heartbleed To Blame For Community Health Systems Breach

Comments Filter:
  • Re:I call bullshit (Score:5, Interesting)

    by fuzzyfuzzyfungus (1223518) on Wednesday August 20, 2014 @07:45AM (#47711347) Journal

    The hospital had an Internet-facing router that was accessible via SSH or HTTPS?

    If they were stupid enough to do that, then someone else had probably stolen all their data already.

    What if it was a Juniper SSL VPN Appliance [juniper.net]? TFA is a bit vague; but if the system has VPN access and Juniper gear it seems pretty likely that they might be using that, which would necessarily involve SSL on an internet facing device, though not necessarily SSH or HTTPS.

  • by guru42101 (851700) on Wednesday August 20, 2014 @09:10AM (#47711969)
    I know people who work there. Their only priority is profit. A few weeks ago they did the largest settlement ever with the feds for defrauding medicare. One of the higher ups in a town hall meeting about their atrocious turn over rate compared their employees to janitors. They put red tape over things that should be simple which causes employees to use improper routes to just get something working for now.

The only problem with being a man of leisure is that you can never stop and take a rest.

Working...