Arik Hesseldahl

Community Health Systems, which operates 206 hospitals in 29 states, most of them in rural communities, said that it suffered a data breach affecting the personal information of some 4.5 million patients.

In a regulatory filing with the Securities and Exchange Commission, the company said it was attacked during April and June of 2014 by an “Advanced Persistent Threat” group believed to be operating out of China. Once it detected the attack, Community Health said it hired Mandiant, a unit of the security company FireEye, to investigate the incident.

A Q&A with Gild CEO Sheeroy Desai and chief scientist Vivienne Ming. Tech companies have a diversity problem, especially when it comes to hiring software engineers.

Software may be eating the world, but for the most part that software is created by white males, despite the fact that there are many qualified engineers in the marketplace who are neither.

A series of self-reinforcing cycles reinforces the status quo. Companies tend to hire alumnae from certain universities and workers from particular companies; they also rely heavily on referrals from existing employees. The result is a workforce with a lot of faces that look similar.

It’s the kind of problem you might expect could be solved by, well, software. Human biases in hiring, innocent and otherwise, can be corrected by an approach that ranks candidates based on the quality of their body of publicly visible work -- or so the thinking goes. That’s what Gild does. It’s one of a few up-and-coming companies that has sought to give its customers -- some 300 companies at last count -- a leg up in finding qualified software developers.

Gild CEO Sheeroy Desai and chief scientist Vivienne Ming talked about how the company is starting to help its customers grapple with the difficulties of building a more diverse work force.

Hackers operating somewhere in Eastern Europe have penetrated the networks of energy companies in the US, Spain, France and several other countries and may have gained the ability to carry out cyber-sabotage attacks, researchers at the security company Symantec said.

In what’s being described as a departure from typical hacking attacks that are intended to steal intellectual property, the attackers gained access to industrial control systems used to maintain power grids and oil and gas pipelines and had the ability to take over operations or even damage them.

Symantec says it “bears the hallmarks” of state-sponsored operations, but does not identify any specific country. It nicknamed the attackers “Dragonfly,” and said the only clue to their identity was the fact that they were operating during standard business hours in a time zone that includes the countries of the former Soviet republics of Georgia and Azerbaijan, but also the United Arab Emirates.

Another clue: They used an attack tool that appears to have been modified by a Russian-speaker.

[Commentary] The US Department of Justice has secured criminal indictments against five active-duty members of the cyberwar unit of China’s People’s Liberation Army. Here’s what you should expect to happen as a result: Nothing meaningful.

The charges announced by Attorney General Eric Holder amount to the diplomatic equivalent of the pot criticizing the kettle’s wardrobe. The chance that anyone sees the inside of a US courtroom as a result of the charges is virtually nil. While the particulars are interesting -- and hopefully we’ll get to read more nitty-gritty details when the official indictment documents are unsealed -- the fundamental problem is one of credibility.

Essentially, when it comes to cyberattacks, the US has none. The revelations concerning the aggressive collection efforts of the US National Security Agency by its former contractor Edward Snowden have demonstrated there is very little in the global communications infrastructure that agency won’t touch in an attempt to compromise. And while Attorney General Holder and other US officials are quick to say that the US government doesn’t hack non-US companies in order to help US companies, there have been hints from Snowden that there are disclosures yet to be made that tell a different story.

If you’ve been worried about the dreaded Heartbleed vulnerability that shook the foundations of the Internet, you can start to breathe a little easier. But not completely.

The folks at the Internet security firm Sucuri have done a systematic scan of the top million sites on the Internet as determined by Amazon’s Alexa, and according to its findings, as related in a blog post by its CTO Daniel Cid, there’s mostly good news, but some bad.

The good news is that according to its findings, the top 1,000 sites on the Web are safe. They’ve been updated, their certificates and keys recreated, and they’re now safe to use, though you should probably still change your passwords just to be cautious. Perhaps even more reassuring is that within the top 10,000 sites, only 53 were found to still be vulnerable.

The bad news, and it’s relative, is that many -- about two percent -- of the of top million sites are still vulnerable. That works out to more than 20,000 sites. The more popular a site, the more likely it is to have been fixed.