Computer bug 'Heartbleed' likely source of Community Health Systems data breach

Hackers likely used the computer bug Heartbleed to gain access to the data of about 4.5 million patients at Community Health Systems, and the FBI is warning other hospitals they could be at risk too, Reuters reports.

The hack at CHS is the first known large-scale cyberattack using the bug, which compromises the Web encryption program OpenSSL, opening hundreds of thousands of websites to data theft. 

During this morning's monthly cyber threat briefing, broadcast online, HITRUST CEO Dan Nutkis spoke about the need for greater dissemination of information when breaches like this happen.

"There are some voids in receiving information from the government," Nutkis said. "We are looking at how we can provide more informative-type messages."

Roy Mellinger, vice president and CISO at WellPoint, also spoke during the briefing about security practices in the industry.

He said some criticism of the industry's security efforts has been harsh and noted that healthcare organizations have made tremendous progress when it comes to data security. However, he also said security is not as robust as it should be. One of the most crucial things, he said, is getting information across the sector to let healthcare executives know what is going on and whether they are taking the right steps to keep data secure.

Reuters also reported that the FBI sent out a flash brief yesterday to alert healthcare industry companies that it has observed "malicious actors targeting healthcare-related systems," perhaps for the purpose of obtaining personal health data. 

In April the agency issued two warnings about the vulnerabilities of health organizations' systems, including medical devices.

During the HITRUST briefing, Michael Rosanova, supervisory special agent at the FBI, said the agency will work on getting information out in a "more timely fashion" and put classified information into a usable form that can be easily shared. 

To learn more:
- read the Reuters article on Heartbleed
- read the Reuters article on the FBI flash alert
