There are two types of old friends: the ones that you look forward to catching up with over a cocktail and a curry, and the ones that steal your data and leave you weeping and ashamed in the eyes of the world. Well, it seems our old pal Heartbleed has made another appearance, and, if you’re unsure which category it falls into, let’s just say that it doesn’t deserve a madras moment with us. The second-largest profit-making hospital chain in the US has just announced a mega-breach, knocking around 4.5m patient records for six, and word on the street is that HB is responsible. If it does turn out to be related, it’ll be the bug’s biggest conquest, and the breach has only just been discovered, four months after the initial breakout; but there’s a theory on why the HB legacy lives on, and how you can avoid being caught out.
On Monday, Community Health Systems announced it had been breached and security company TrustedSec is saying that Heartbleed was at the heart (oh yeah I did) of the attack, but CHS is currently playing its cards close to its chest. The Heartbleed bug caused a big ol’ panic back in April, but – if we’re looking for a silver lining here – brought cyber security to the attention of people who might have thought they were safe (possibly not enough though, or CHS might have discovered this a little earlier).
What TrustedSec thinks might’ve happened is that CHS used products made by Juniper, which makes hardware and software used to manage computer networks. Juniper was affected by Heartbleed, and in the few hours it took to patch the flaw, people who used its products could also have been compromised. One of the biggest reasons that HB was such a problem is that attackers were able to mess with systems without leaving any trace, which is why, months after the initial explosion, there could still be breaches that remain undetected.
This shows that even if you’re not directly affected by a hack, it’s important to check that all aspects of your service are secure too, especially any that come from, or have contact with, external companies. In fact, just go ahead and run all the checks anyway, because you never know what’s lurking about. CHS runs 206 hospitals in 29 states, and is now letting people know if they’ve been affected, and luckily (or maybe just optimistically) doesn’t think the bad guys got their hands on medical records or financial information.
The discovery shows how important it is not to become complacent; this isn’t like when you were a giddy sixteen-year-old waiting to be asked to prom – take matters into your own hands! For example, our recently re-launched BASEfund includes vulnerability scanning and penetration testing, which digs through your entire system for potentially weak areas and then emulates an attack to see where you need to increase security. So, unless you want to join the list of casualties, maybe it’s time for another full health check!
If you want more information on security at UKFast, take a look at our website, or contact your account manager or our support team on 0800 045 4945.