FYI...

Breach at Community Health Systems - data on 4.5M stolen in cyber attack
- http://www.reuters.com/article/2014/...0GI16N20140818
Aug 18, 2014 - "U.S. hospital operator Community Health Systems Inc said on Monday personal data, including patient names and addresses, of about 4.5 million people were stolen by hackers from its computer network, likely in April and June. The company said the data, considered protected under the Health Insurance Portability and Accountability Act, included patient names, addresses, birth dates, telephone numbers and Social Security numbers. It did not include patient credit card or medical information, Community Health Systems said in a regulatory filing. It said the security breach had affected about 4.5 million people who were referred for or received services from doctors affiliated with the hospital group in the last five years. The FBI warned healthcare providers in April that their cybersecurity systems were lax compared to other sectors, making them vulnerable to hackers looking for details that could be used to access bank accounts or obtain prescriptions... The company said it and its security contractor, FireEye Inc unit Mandiant, believed the attackers originated from China. They did not provide further information about why they believed this was the case. They said they used -malware- and other technology to copy and transfer this data and information from its system..."
___

- https://www.trustedsec.com/august-20...ve-trustedsec/
Aug 19, 2014 - "... a breach at Community Health Systems (CHS) affecting an estimated 4.5 million patients was recently revealed. TrustedSec obtained the first details on how the breach occured and new information relating to this breach. The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information... This is the first confirmed breach of its kind where the heartbleed bug is the known initial attack vector that was used..."

- http://www.reuters.com/article/2014/...0GK0H420140820
Aug 20, 2014 - "... Heartbleed is a major bug in OpenSSL encryption software that is widely used to secure websites and technology products including mobile phones, data center software and telecommunications equipment. It makes systems vulnerable to data theft by hackers who can attack them without leaving a trace..."