Heartbleed to blame for Community Health Systems breach

[InfoSec News <alerts () infosecnews org>]

http://www.csoonline.com/article/2466726/data-protection/heartbleed-to-blame-for-community-health-systems-breach.html

By Steve Ragan
CSO
Aug 19, 2014

According to a blog post from TrustedSec, an information security 
consultancy in Ohio, the breach at Community Health Systems (CHS) is the 
result of attackers targeting a flaw OpenSSL, CVE-2014-0160, better known 
as Heartbleed.

The incident marks the first case Heartbleed has been linked to an attack 
of this size and type.

On Monday, CHS disclosed a data breach in an 8-K filing with the U.S. 
Securities and Exchange Commission. The filing itself was brief, offering 
few details on the actual attack and its root cause.

The regulatory notice stated that CHS believes the network compromise 
itself happened in April and June of 2014. Once discovered, they hired 
Mandiant to perform an investigation, which speculated that the attacker 
was part of a group in China.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/