AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Bridgestone Americas confirms ransomware attack, LockBit leaks data

    March 11, 2022

    A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours. Bridgestone has tens of production units across ...

  • Latin e-commerce giant Mercado Libre hacked

    March 10, 2022

    Latin American e-commerce company Mercado Libre had its systems hacked in an incident that exposed information related to 300,000 users of the platform. The NASDAQ-listed company disclosed the incident in an 8-K filing to the US Securities and Exchange Commission, noting that part of its source code had been subject to unauthorized access, exposing user data. The ...

  • NY OAG warns T-Mobile data breach victims of identity theft risks

    March 3, 2022

    The New York State Office of the Attorney General (NY OAG) warned victims of the August 2021 T-Mobile data breach that they faced identity theft risks after some of the stolen information ended up for sale on the dark web. The alert comes after individuals impacted in the incident were notified by identity theft protection services ...

  • Signal says messages circulating about app’s hacking false

    March 1, 2022

    Instant messaging app Signal said on Monday rumors circulating on several apps that its messaging platform has been “compromised and hacked” is false. Signal said in a tweet that it saw an uptick in usage in Eastern Europe and the rumor messages were often attributed to official government sources that read “attacks on Signal platform.” Read more… Source: ...

  • Quarter of a million lawyer disciplinary records leak

    February 28, 2022

    Approximately 260,000 nonpublic disciplinary records stored on behalf of The State Bar of California were found to be exposed to the public and to have been republished on Judyrecords.com, a website that aggregates over 630 million public court records. The sensitive records exposed include the case number, filing date, case type, case status, and respondent and ...

  • Ransomware groups and hacktivist collective are getting involved in the military conflict between Ukraine and Russia

    February 25, 2022

    Multiple ransomware groups and members of the hacktivist collective Anonymous announced this week that they are getting involved in the military conflict between Ukraine and Russia. On Thursday, members of Anonymous announced on Twitter that they would be launching attacks against the Russian government. The hacktivists defaced some local government websites in Russia and temporarily took ...