HeartBleed OpenSSL Bug
The Heartbleed Bug, which affects the OpenSSL encryption software, has been blamed for the theft of data on 4.5 million hospital patients.

The Heartbleed Bug, which caused widespread panic earlier this year, has been blamed for the huge cyber-security breach at a US hospital group which saw 4.5 million patient records stolen.

According to David Kennedy, chief executive of TrustedSec, the criminals - believed to be from China - stole the records from Community Health Systems by exploiting the Heartbleed bug in equipment made by Juniper Networks.

Kennedy, speaking to Reuters on Wednesday, said "multiple sources familiar with the investigation into the attack had confirmed that Heartbleed had given the hackers access to the system."

The hospital group has declined to comment on the nature of the attack method used in the breach, as has Juniper Networks.

Earlier this week, Community Health Systems confirmed its network had been breached and that hackers had stolen data on 4.5 million patients from the 206 hospitals the group operates across 29 states in the United States.

A statement from the group said its security expert "believes the attacker was an 'Advanced Persistent Threat' group originating from China."

According to Kennedy, the hackers used stolen employee credentials to access the network initially before exploiting the Heartbleed bug to steal millions of patient records from internal databases.

Juniper Networks provides equipment to the group to allow employees to remotely access patient information using virtual private networks (VPNs).

The stolen data included names, social security numbers, physical addresses, birthdays and telephone numbers.

The Heartbleed Bug was made public on 7 April and revealed a major flaw in the OpenSSL encryption code. The flaw, which was implemented over two years ago, allowed sensitive information like passwords, credit card information and even private encryption keys to be stolen from millions of websites.

Previously, attacks credited to the Heartbleed flaw were on a much smaller scale, with one attacker using it to impersonate the founder of Mumsnet while a 19-year-old Canadian student was arrested for stealing the details of 900 Canadian taxpayers.