Heartbleed To Blame For Community Health Systems Breach

An anonymous reader writes: The Heartbleed vulnerability is the cause of the data breach at Community Health Systems, which resulted in 4.5 million records (containing patient data) being compromised. According to a blog post from TrustedSec, the attackers targeted a vulnerable Juniper router and obtained credentials, which allowed them access to the network's VPN.

Re:I call bullshit

[fuzzyfuzzyfungus]

The hospital had an Internet-facing router that was accessible via SSH or HTTPS?

If they were stupid enough to do that, then someone else had probably stolen all their data already.

What if it was a Juniper SSL VPN Appliance [juniper.net]? TFA is a bit vague; but if the system has VPN access and Juniper gear it seems pretty likely that they might be using that, which would necessarily involve SSL on an internet facing device, though not necessarily SSH or HTTPS.

Re:It's not like they've had 5 months to fix it...

[guru42101]

I know people who work there. Their only priority is profit. A few weeks ago they did the largest settlement ever with the feds for defrauding medicare. One of the higher ups in a town hall meeting about their atrocious turn over rate compared their employees to janitors. They put red tape over things that should be simple which causes employees to use improper routes to just get something working for now.