AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Boeing confirms ransomware attack as stolen data released by cybercrime gang Lockbit
November 11, 2023
Stolen data from American aircraft manufacturer Boeing has been released online by the cybercrime gang, Lockbit, according to the group’s website. Boeing confirmed a cybersecurity incident involving elements of its parts and distribution business. “We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from ...
- Maine government says data breach affects 1.3 million people
November 10, 2023
The government of Maine has confirmed over a million individuals had personal information stolen in a data breach earlier this year by a Russia-linked ransomware gang. In a statement published Thursday, the Maine government said hackers exploited a vulnerability in its MOVEit file-transfer system, which stored sensitive data on state residents. The hackers used the vulnerability ...
- Optus loses court bid to keep report into cause of cyber-attack secret
November 10, 2023
Optus has lost a bid in the federal court to keep secret a report on the cause of the 2022 cyber-attack – which resulted in the personal information of about 10 million customers being exposed – after a judge rejected the telco’s legal privilege claim. After the hack, the company announced in October last year that ...
- Thailand: Trio arrested for alleged involvement in major data breach
November 9, 2023
A trio, consisting of an insurance broker, a programmer, and a Facebook page administrator, has been apprehended for their alleged involvement in a significant data breach operation. They stand accused of compromising and subsequently selling the personal data of over 15 million individuals to illicit businesses. The engineer is accused of trading the personal information of ...
- Law firm Allen & Overy hit by ‘data incident’
November 9, 2023
Allen & Overy has suffered a “data incident”, the London-founded law firm said on Thursday, after social media posts suggested it had been hacked by the Lockbit cybercrime gang. The attack, first reported by the Financial Times, comes after seven countries, including the U.S. and Britain, in June named Lockbit as the world’s top ransomware threat. Read ...
- Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach
November 7, 2023
The personal data of 665,000 Marina Bay Sands customers was accessed in a data security breach in October. The “unauthorised access” took place on Oct 19 and Oct 20 and involved the data of some Sands LifeStyle rewards programme members, said a Marina Bay Sands (MBS) spokesperson on Tuesday (Nov 7). MBS said in response ...

