No doubt you will already been made aware of the security breach at Community Health Systems (CHS) that has affected an estimated 4.5 million patients. The first details emerged through TrustedSec, on how the breach occurred. It has now come to light, via the same source; the initial attack vector was made through the, now infamous, OpenSSL ‘heartbleed’ vulnerability.
The confirmation of the initial attack vector was allegedly obtained from a trusted yet anonymous source that is close to the CHS hacking investigation. The attackers were able to collect user credentials from memory on a CHS Juniper device through the ‘heartbleed’ vulnerability and use them to login via a separate virtual network.
Vunerabilities such as Heartbleed can leave organizational data wide open to hacks.
It was from there, the attackers were then able to continue accessing data in on the CHS by working through the network until the approximate 4.5 million patient records were obtained from a database. This attack is the first breach of its kind that has been confirmed, where the ‘heartbleed’ bug is the recognized initial attack vector that was used to gain access.
The period of time between zero day and patch day is the most dangerous time for a firm, where the monitoring and detection of threats are essential fundamentals of their security program.
Detection and response to an attack when it happens is key to starting an incident response and mitigating the danger swiftly. The lessons learned form this incident is that the need to focus on addressing an organization’s security concerns immediately and without delay should be priority. Maybe having a compensation control in place some time before, could have saved this breach from occurring in the first instance.
As always, if you would like to leave a sensible comment, then please do so in the comments section below.