AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Boeing confirms ransomware attack as stolen data released by cybercrime gang Lockbit

    November 11, 2023

    Stolen data from American aircraft manufacturer Boeing has been released online by the cybercrime gang, Lockbit, according to the group’s website. Boeing confirmed a cybersecurity incident involving elements of its parts and distribution business. “We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from ...

  • Maine government says data breach affects 1.3 million people

    November 10, 2023

    The government of Maine has confirmed over a million individuals had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. The hackers used the vulnerability ...

  • Optus loses court bid to keep report into cause of cyber-attack secret

    November 10, 2023

    Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack – which resulted in the personal information of about 10 million customers being exposed – after a judge rejected the telco’s legal privilege claim. After the hack, the company announced in October last year that ...

  • Thailand: Trio arrested for alleged involvement in major data breach

    November 9, 2023

    A trio, consisting of an insurance broker, a programmer, and a Facebook page administrator, has been apprehended for their alleged involvement in a significant data breach operation. They stand accused of compromising and subsequently selling the personal data of over 15 million individuals to illicit businesses.  The engineer is accused of trading the personal information of ...

  • Law firm Allen & Overy hit by ‘data incident’

    November 9, 2023

    Allen & Overy has suffered a “data incident”, the London-founded law firm said on Thursday, after social media posts suggested it had been hacked by the Lockbit cybercrime gang. The attack, first reported by the Financial Times, comes after seven countries, including the U.S. and Britain, in June named Lockbit as the world’s top ransomware threat. Read ...

  • Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach

    November 7, 2023

    The personal data of 665,000 Marina Bay Sands customers was accessed in a data security breach in October. The “unauthorised access” took place on Oct 19 and Oct 20 and involved the data of some Sands LifeStyle rewards programme members, said a Marina Bay Sands (MBS) spokesperson on Tuesday (Nov 7). MBS said in response ...