Heartbleed To Blame For Community Health Systems Breach 89
An anonymous reader writes: The Heartbleed vulnerability is the cause of the data breach at Community Health Systems, which resulted in 4.5 million records (containing patient data) being compromised. According to a blog post from TrustedSec, the attackers targeted a vulnerable Juniper router and obtained credentials, which allowed them access to the network's VPN.
Re:I call bullshit (Score:5, Interesting)
The hospital had an Internet-facing router that was accessible via SSH or HTTPS?
If they were stupid enough to do that, then someone else had probably stolen all their data already.
What if it was a Juniper SSL VPN Appliance [juniper.net]? TFA is a bit vague; but if the system has VPN access and Juniper gear it seems pretty likely that they might be using that, which would necessarily involve SSL on an internet facing device, though not necessarily SSH or HTTPS.
Re:It's not like they've had 5 months to fix it... (Score:5, Interesting)