It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Chinese hackers exploited the Heartbleed Internet security flaw to steal data on 4.5 million patients of Community Health Systems Inc. (CYH), the first known breach of a company by use of the vulnerability, said a person involved in the investigation who wasn’t authorized to comment publicly.
Community Health, the second-biggest for-profit U.S. hospital chain, disclosed yesterday that Chinese hackers stole patients’ Social Security numbers, names and addresses, without revealing how the hackers got in.
The group suspected of being responsible for the attack has a history of stealing intellectual property from health-care companies, and security specialists say it’s unusual for such thieves to turn to personal data.
The Heartbleed flaw, which was made public on April 7, was considered significant because it allows hackers to steal secret keys used to encrypt user names, passwords and other digital data. The revelation sent companies and security researches rushing to patch their computer networks.
“We never had any tangible proof of an attack until now,” said David Kennedy, founder of TrustedSec LLC, a security consulting company based in Cleveland, Ohio, who first reported Heartbleed was used to attack Community Health on his company’s website. Kennedy, who isn’t involved in the investigation, said he was told about the connection from three people close to the matter whose names he wouldn’t disclose.