A major breach hitting Tennessee-based Community Health Systems (CHS) started with the exploit of a VPN device, which was vulnerable to the Heartbleed bug.
In late August, David Kennedy, principal security consultant and CEO at Ohio-based TrustedSec,
cited three sources close to the CHS investigation who tipped him off
to the initial attack vector – a VPN concentrator device manufactured by
Juniper Networks. After leveraging the OpenSSL flaw, Heartbleed
attackers were able to obtain VPN credentials stored in memory on the
Juniper device.
The CHS breach reportedly impacted four million
patients, whose names, addresses, birthdates, phone numbers and Social
Security numbers may have been compromised. Following news of the
breach, a lawsuit was filed against CHS accusing the hospital operator
of failing to meet security standards to protect patients' personal
information.
Type: PHI
Area: Medical
First Noted: July 2014
Location: TN
Total Records: 4,000,000+
Status: Not Monitoring for Follow Up (Not a client of SLC Security Services LLC)
The purpose of this page is to provide awareness to individuals and organizations that are leaking information and the information of their customers. The entities listed on this site are verified to be leaking personal information sometimes without the company even being aware. SLC Security is now owned and operated by Jigsaw Security Enterprise. We are currently in process and as such this blog will eventually be taken offline and merged with Jigsaw Security resources.
No comments:
Post a Comment