AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ukraine-Linked Group Claims It Hacked Website Of Moscow Property Registration Bureau
August 7, 2023
A Ukraine-linked hacker group said on Telegram on August 7 that it had hacked the website of Moscow’s municipal property registration bureau (MosgorBTI) overnight, saying “the information about state officials, politicians, military, and special services officers who support the Ukraine war had been handed to Ukraine’s defense forces.” The MosgorBTI’s website has yet to comment on ...
- Spyware maker LetMeSpy shuts down after hacker deletes server data
August 5, 2023
Poland-based spyware LetMeSpy is no longer operational and said it will shut down after a June data breach wiped out its servers, including its huge trove of data stolen from thousands of victims’ phones. In a notice on its website in both English and Polish, LetMeSpy confirmed the “permanent shutdown” of the spyware service and that ...
- FBI Investigating Cyber Attack Affecting Connecticut Hospitals
August 4, 2023
“Prospect Medical Holdings Inc. recently experienced a data security incident that has disrupted our operations,” said Nina Kruse, ECHN’s vice president for communications and public affairs. “Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” she said. The FBI’s field office in New ...
- Capita boss quits as fine looms for huge hack of confidential data
July 31, 2023
The chief executive of outsourcing firm Capita is to step down as the company reels from a cyber-attack that could result in a hefty fine from the UK’s information and privacy regulator. Capita said Jon Lewis would step down by the end of the year, making way for Adolfo Hernandez, the vice-president of telecommunications at Amazon ...
- CISA and Partners Release Joint Cybersecurity Advisory on Preventing Web Application Access Control Abuse
July 27, 2023
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) are releasing a joint Cybersecurity Advisory (CSA), Preventing Web Application Access Control Abuse, to warn vendors, designers, developers, and end-user organizations of web applications about insecure direct object reference (IDOR) vulnerabilities. These vulnerabilities are ...
- New SEC rule requires public companies to disclose cybersecurity breaches in 4 days
July 26, 2023
The Securities and Exchange Commission adopted rules Wednesday to require public companies to disclose within four days all cybersecurity breaches that could affect their bottom lines. Delays will be permitted if immediate disclosure poses serious national security or public safety risks. The new rules, passed by a 3-2 vote, also require publicly traded companies to annually ...

