AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Cyber attack hits electronics firm Volex

    October 9, 2023

    A cyber attack has hit electronic manufacturer Volex, opening the door to unauthorised access to some of its IT systems. The AIM-listed British company said it is not expecting any “material” financial impact from the incident but shares dropped over four per cent on Monday morning. After discovering the breach of certain IT systems and data ...

  • 23andMe user data breached in credential-stuffing attack

    October 7, 2023

    Biotech company 23andMe, known for its DNA testing kits, said the leak occurred through a credential-stuffing attack. A credential-stuffing attack involves user information that has already been compromised (usernames and passwords, for example) from one organization, which a hacker obtains and attempts to reuse with a second organization — in this case, 23andMe. Because of the ...

  • MGM Resorts estimates $100M loss due to cyber attack

    October 6, 2023

    MGM Resorts sent a letter to customers regarding the recent cyber incident that took place on Sept. 11. MGM Resorts stated that on or around Sept. 29, it determined that an unauthorized third party obtained the personal information of some of its customers on Sept. 11. The company also said it filed an 8-K form with ...

  • Clorox shares touch more than 5-year low on financial hit from cyber attack

    October 5, 2023

    Shares in Clorox were down 8.1% on Thursday, after hitting their lowest level since May 2018, after the cleaning supplies company’s warned that an August cyber attack would push it into a quarterly loss and slash up to 28% off its revenue. On Aug 14 Clorox said it took some systems offline after unauthorized activity disrupted ...

  • Sony confirms cyber-attack exposed details of nearly 7000 current and former employees

    October 5, 2023

    Sony Interactive Entertainment has confirmed the personal information of 6,791 former and current employees was exposed as part of a cyber-attack in June. According to a report the data breach was carried out by the Clop ransomware group. Sony is now contacting anyone affected and is offering credit monitoring and identity restoration services. In correspondence notifying ...

  • Ransomware group demands $51 million from Johnson Controls after cyber attack

    September 28, 2023

    Johnson Controls, a multinational conglomerate that secures industrial control systems, security equipment, fire safety and air conditioning systems, has been hit by a massive cyber attack. The company, which employs over 100,000 people around the world, suffered a ransomware attack over the weekend which left data encrypted and caused it to shut down sections of ...