US hospital 'Heartbleed hack' lost information belonging to 4.5 million patients
The hack was announced earlier this week, although no medical records were affected
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.America’s second largest chain of for-profit hospitals has reported a data breach of information belonging to some 4.5 million patients, with security experts claiming that the Heartbleed bug is to blame.
Community Health Systems (CHS) announced that they had been hacked at the beginning of the week, with the stolen information including patient names, addresses, birth dates, social security numbers and phone numbers – but no medical records. CHS say that Chinese hackers were responsible.
The Heartbleed bug was first uncovered in April this year after a joint research project between Google and Finnish security group Codenomicon. The bug was a flaw in the commonly-used encryption standard OpenSSL – familiar to most internet users as the extra layer of security represented by the padlock icon in their browser.
Webmasters and software developers were encouraged to fix the flaw as soon as possible, but many companies were criticized for taking weeks to do so.
In the case of Community Health Systems, it’s thought that the breach was due to just such a delay, with TrustSec chief executive David Kennedy telling Bloomberg that the hackers had taking advantage of network products made by a firm named Juniper.
The use of Heartbleed has not been confirmed by CHS but if true it would be the largest hacks using the flaw to date. Previous attacks taking advantage of the bug have targeted the Canadian tax authority and UK parenting site Mumsnet.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments