On Monday, 18 August, it was revealed by US hospital operator Community Health Systems that they have suffered from data breaches. In this breach, hackers have stolen the personal data of the hospital's employees and of patients too that includes patient names, addresses, birth dates, phone numbers, and Social Security numbers.
The company says the data was stolen in attacks that occurred between April and June 2014 and the hackers gained access to data from anybody who were referred for or received services from any doctor affiliated with Community Health Systems. The company also mentioned that in this hack attacker did not gain access to any medical records.
This attack has affected 4.5 million people who have been subjected to service from this hospital group in the last five years. Healthcare providers were warned by the FBI in April about their cybersecurity systems' vulnerability.The company had worked with FireEye unit Mandiant, and according to the investigation report of the Mandiant, it says that the attack originated from China and the hackers used “highly sophisticated malware and technology to attack the Company’s systems.”
But now a new report from Bloomberg says, Chinese hackers used the Heartbleed security flaw to steal personal data belonging to 4.5 million patients of Community Health Systems Inc.
“We never had any tangible proof of an attack until now,” David Kennedy, founder of TrustedSec LLC, a Cleveland, Ohio-based security consulting company, told Bloomberg. Kennedy, who first reported that Heartbleed was used to attack Community Health, said he obtained the details of the hack from “a trusted and anonymous source” close to the investigation.The Heartbleed flaw, which was publicly disclosed on April 7, allows hackers to steal secret keys that are used to encrypt user names, passwords, and other digital data. Following the bug's discovery, many companies and security researchers were forced to build fresh safeguards to protect their computer networks.