AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • ADATA denies RansomHouse cyberattack, says leaked data from 2021 breach

    October 8, 2022

    Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting stolen files on their data leak site. The RansomHouse gang added ADATA files to their data leak site on Tuesday, claiming they stole 1TB worth of documents in a 2022 cyberattack.The threat actors also leaked samples of allegedly stolen files, ...

  • Shangri-La hotel chain confirms data leak

    October 5, 2022

    Hotel chain Shangri-La Group has admitted to its systems being attacked, and personal data describing guests accessed by unknown parties, over a timeframe that includes the dates on which a high-level international defence conference was staged at one of its Singapore properties. “Shangri-La Group recently discovered unauthorized activities on our IT network,” states a notice from ...

  • Optus confirms 2.1 million ID numbers exposed in data breach

    October 4, 2022

    Optus confirmed yesterday that 2.1 million customers had government identification numbers compromised during a cyberattack last month. In a press statement released yesterday, the mobile carrier updated the information regarding the personal data of 9.8 million customers exposed during the attack. In an investigation, Optus confirmed that a total of 2.1 million customers had valid or expired ...

  • How Ransomware Is Causing Chaos in American Schools

    October 3, 2022

    May 19, 2021 was supposed to be just another day at the end of the school year at Sierra College, a community college in Rocklin, California. Instead, hackers hit the school with ransomware, throwing it into chaos. “We are experiencing a major cybersecurity event this morning that is impacting the majority of services at Sierra College,” ...

  • Ransomware gang leaks data stolen from LAUSD school system

    October 3, 2022

    Thousands of files apparently stolen last month in a ransomware attack on the Los Angeles Unified School District were released on the dark web over the weekend. The threat has been a major concern for the nation’s second-largest school district since Labor Day Weekend, when a cyber intrusion forced school district officials to take the extraordinary ...

  • Russian retail chain ‘DNS’ confirms hack after data leaked online

    October 3, 2022

    Russian retail chain ‘DNS’ (Digital Network System) disclosed yesterday that they suffered a data breach that exposed the personal information of customers and employees. DNS is Russia’s second-largest computer and home appliance store chain, with 2,000 branches and 35,000 employees. According to the scant details provided in the announcement, a group of hackers residing outside the Russian ...