AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • More sensitive Optus data leaked in major cyberattack on law firm

    July 1, 2023

    Optus has been caught up in another major cyberattack, with sensitive information about a privacy watchdog investigation into the mobile-phone company breached by Russian hackers. The Office of the Australian Information Commissioner is one of dozens of government departments and agencies scrambling to find out how much of their data has been breached in a hack ...

  • UK: Hacking gang BlackCat says it stole data trove from the Barts Health NHS Trust

    June 30, 2023

    A gang of cybercriminals says it has breached one of the UK’s largest hospital groups and is threatening to publish a trove of its confidential data. The gang, known as ALPHV or BlackCat, posted a statement on Friday claiming it had obtained seven terabytes of internal documents from the Barts Health NHS Trust, which manages five ...

  • Hackers threaten to leak 80GB of confidential data stolen from Reddit

    June 19, 2023

    Hackers are threatening to release confidential data stolen from Reddit unless the company pays a ransom demand – and reverses its controversial API price hikes. In a post on its dark web leak site, the BlackCat ransomware gang, also known as ALPHV, claims to have stolen 80 gigabytes of compressed data from Reddit during a February ...

  • Cyber attack results in data breach of all Louisiana driver licenses, IDs

    June 16, 2023

    Those with a Louisiana ID, registration or driver’s license could have their personal data exposed as a major cyber attack targeted the Louisiana Office of Motor Vehicles as well as other Government entities. According to the Governor’s Office of Homeland Security and Emergency Preparedness, the OMV was breached. The state says MOVEit – which is a ...

  • Mystic Stealer: The new kid on the block

    June 15, 2023

    Mystic Stealer is a new information stealer that was first advertised in April 2023. Mystic steals credentials from nearly 40 web browsers and more than 70 browser extensions. The malware also targets cryptocurrency wallets, Steam, and Telegram. The code is heavily obfuscated making use of polymorphic string obfuscation, hash-based import resolution, and runtime calculation of constants. Read more… Source: ...

  • Two Prudential companies in Malaysia affected by MOVEit data-theft attack

    June 13, 2023

    Prudential Assurance Malaysia Bhd (PAMB) and Prudential BSN Takaful Bhd (PruBSN) have confirmed that they have been affected by the global MOVEit data-theft attack, “where a zero-day vulnerability was exploited.” The two insurance companies said that as soon as they became aware of the breach, “we took action to isolate the affected server while the incident ...