According to an article recently published on the Mashable website, a suspected Chinese hacker group reported to have stolen approximately "4.5 million patient records from an American hospital network" may have orchestrated this attack via the Heartbleed exploit. The article indicates that this is "the first time the bug has been reported to be at the center of a high-profile breach." According to the Mashable report, the attackers breached "a device that had not been patched to fix the Heartbleed bug to steal user credentials." Then, at a later time, the hackers used this data to gain access to the Community Health Systems (CHS) network, where the "names, addresses, birth dates, telephone numbers, and social security numbers" of patients were extracted, as noted by security experts quoted in the report.
Dave Kennedy, CEO of the security firm TrustedSec – not involved in the breach investigation – was quoted in the article as saying, "This is the first confirmed breach of its kind where the heartbleed bug is the known initial attack vector." Kennedy authored a blog post which contained "information obtained from a trusted and anonymous source close to the CHS investigation," according to the article. The article notes that, per Kennedy's comments, the attackers gained entrance through a "CHS Juniper device that had not been immediately patched after the Heartbleed bug was disclosed in April," which enabled them to obtain "user credentials from the device's memory." Once this was accomplished, according to the article, the hackers gained access to the system through a Virtual Private Network (VPN), a tool that allows an individual to connect remotely.
The report indicates that FireEye, the security firm retained to conduct the investigation, has released no detailed information regarding the breach. However, Mike Lennon of SecurityWeek, a cybersecurity trade publication, was quoted in the article as saying, "The facts support claims that Heartbleed could have been what enabled attackers to run off with the personal information on 4.5 million individuals," outlining that "a previously disclosed attack," according to the presented findings, "seems to match the one that was publicized this week by CHS."
Read more about this attack in the full article at Mashable and learn how investigators deal with this historic breach and theft of private information.