According to a leading security expert, the theft of personal data belonging to about 4.5 million healthcare patients across the USA was made possible by the Heartbleed bug. Community Health Systems (CHS), the second-largest profit-making hospital chain in the US, announced on Monday, August 19, 2014 that its systems had been breached. The attack, which Community Health Systems believed originated in China, happened in April and June this year. The firm, which runs 206 hospitals in 29 states, is now in the process of notifying affected patients.
The Heartbleed bug made headlines in April, when Google and Codenomicon (a Finnish security company that provides testing tools for network equipment manufacturers, service providers, government/defense and enterprise customers) revealed a problem in OpenSSL, a cryptographic library used to digitally scramble sensitive data.
What is OpenSSL?
OpenSSL is used by computer operating systems, instant messaging apps, email and other software products to protect sensitive data. When OpenSSL is protecting a connection, users see a padlock icon in their web browser. A fix was made available at the time, and software-makers that used OpenSSL in their products were urged to apply it as soon as possible.
The stolen data included patient names, addresses, birth dates, telephone numbers and social security numbers. One security expert warned Community Health Systems that the data could be used to steal people’s identities. CHS said that it believed no medical or credit card records were taken.
David Kennedy, chief executive of TrustSec, said that hackers took advantage of the fact that Franklin, Tennessee-based Community Health Systems used products made by Juniper (a firm that makes hardware and software to manage computer networks). After the Heartbleed alert was issued, Juniper took several weeks to patch all its affected code. Mr Kennedy wrote in his company blog: “The time between zero-day (the day Heartbleed was released) and patch day (when Juniper issued its patch) is the most critical time for an organisation where monitoring and detection become essential elements of [an] IT security programme.”
News of the attack follows several warnings, from both law enforcement and security experts, that medical equipment is at risk from hack attacks due to poor security measures.