The security firm TrustedSec said in a blog post on Tuesday that a recent hack of the healthcare network Community Health Services was the result of an attack on the so-called “Heartbleed” vulnerability in OpenSSL. According to TrustedSec, attackers targeted vulnerable VPN (virtual private network) software from Juniper Networks in a breach that affected an estimated 4.5 million patients. TrustedSec cited a “trusted and anonymous source close to the CHS investigation” in its blog post. It said attackers were able to glean user credentials from memory on a CHS Juniper device by exploiting the Heartbleed vulnerability. Those credentials were used to log in via the VPN to CHS’s network, then move laterally to the servers containing the patient data. A separate report by Bloomberg attributed the attack to hackers in China, though it did not provide any evidence linking the attackers to a specific Chinese […]
Search Results for "healthcare"
Report: Hospital network hacked, 4.5 million records stolen
News today that Community Health Systems, a national hospital network that operates 206 hospitals across the United States, was the victim of a cyber attack that resulted in the theft of 4.5 million patient records. According to CNN Money, hackers gained access to patient names, Social Security numbers, physical addresses, birthdays and telephone numbers. The breach affects anyone who received treatment from a physician’s office tied to a Community Health Systems network-owned hospital in the last five years. The FBI is investigating the breach. Community Health Systems’ hospitals operate in 28 states but have their most significant presence in Alabama, Florida, Mississippi, Oklahoma, Pennsylvania, Tennessee and Texas. Help Net Security has a panel of experts comment. The consensus is that the healthcare sector is more in the crosshairs for sophisticated attacks that are intended to steal personal information that can be used for identity theft scams. Read more over at CNN Money: Hospital network hacked, 4.5 million […]
FDA: Regulators Can’t Scale To Police Mobile Health Apps
A senior advisor to the U.S. Food and Drug Administration (FDA) tossed cold water on speculation that the Agency might try to police mobile health and wellness applications, saying the FDA couldn’t possibly scale up to meet the challenge of policing the hundreds of new apps appearing every month. Correction: The article was changed to clarify Mr. Patel’s comments. He was not responding to a direct question about the FDA setting up an office to regulate mobile health applications. He was commenting on the possibility of creating a platform to evaluate and rate mobile health applications. Also, he said “It’s not do-able,” not “it’s not possible.” We apologize for any confusion created by the article. – PFR July 10, 2014. The sheer pace of innovation in the mobile health application space and the numbers of such applications already available on mobile marketplaces like the iTunes App Store and Google Play mean that many mobile health applications will escape scrutiny by federal […]
No Silver Bullet For Securing The Internet Of Things
On Wednesday we wrapped up the first-ever Security of Things Forum (SECoT) here in Boston, which was a great success. During a full day of talks and panel discussions, there was a lot of discussion – both on the stage and in the audience. Here are some (high-level) takeaways from the event: The Internet of Things will be different – really different. The combination of technologies that we refer to as the Internet of Things is going to be transformative in ways that are profound. As I said in introductory comments: I see the net effect of this next phase of the Internet as being a leap forward, rather than incremental change – less “invention of the printing press” and more “invention of writing and counting systems.” Like Internet v.1, the exact direction that the Internet of Things will take is unclear. What is clear is that it […]
Cisco Pledges $300k For Next Big Thing In Internet of Things Security
Most folks are still trying to figure out what “security” in the context of “The Internet of Things” actually means. But that didn’t stop Cisco Systems from throwing down a challenge to the tech sector: develop security solutions that address problems specific to The Internet of Things and win a cash prize. In a blog post, Chris Young, a Senior Vice President in Cisco’s Security Group, announced The Internet of Things Security Grand Challenge, saying the contest would offer “visionaries, innovators, and implementers…the opportunity to define a future of a secure IoT,” and pledging up to $300,000 in prizes and awards up to $75,000 for six winners. Cisco has set its sights on the emerging “Internet of Things” in a big way – leveraging its deep roots as a networking infrastructure provider to carriers and enterprises, and ancillary businesses such as set-top boxes and low-cost networking equipment for […]