AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hacker selling Twitter account data of 5.4 million users for $30k
July 22, 2022
Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. Yesterday, a threat actor known as ‘devil’ said on a stolen data market that the database ...
- Walmart-controlled flight booking service suffers substantial data leak
July 19, 2022
An Indian flight booking website majority-owned by US retail colossus Walmart has experienced a data breach, but is saying very little about what happened or the risks to customers. News of the breach emerged on Monday, when customers received a message. While the message to customers assures them that “no sensitive information pertaining to your Cleartrip account” ...
- 1.9m patient records exposed in healthcare debt collector ransomware attack
July 13, 2022
Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that private data – including names, addresses, social security numbers, and health records – for more than 1.9 million people was exposed during a ransomware infection. In a notice posted on its website, PFC ...
- RaHDIt hackers published data of Ukrainian spies
July 6, 2022
RaHDIt hackers have made public the data of one thousand employees of the Main Intelligence Directorate (GUR) of the military department of Ukraine. According to RIA Novosti, problems in protecting the networks of the Central Directorate of the Main Intelligence Directorate on Rybalsky Island in Kyiv helped in the formation of the database. Among the disclosed intelligence ...
- Log4Shell Vulnerability in VMware Leads to Data Exfiltration and Ransomware
June 28, 2022
Trend Micro Research recently analyzed several cases of a Log4Shell vulnerability being exploited in certain versions of the software VMware Horizon. After investigating the chain of events, they found that many of these attacks resulted in data being exfiltrated from the infected systems. However, the researchers also found that some of the victims were infected ...
- AMD targeted by RansomHouse, cybercrims claim to have ‘450Gb’ in stolen data
June 28, 2022
If claims hold true, AMD has been targeted by the extortion group RansomHouse, which says it is sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year. RansomHouse says it obtained the files from an intrusion into AMD’s network on January 5, 2022, and that this isn’t ...

