AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Morgan Stanley agrees to $60 million settlement in data breach lawsuit

    January 5, 2022

    Morgan Stanley has agreed to a settlement figure of $60 million to resolve a data breach lawsuit. The US bank and financial services giant was subject to a class-action suit following two data exposure incidents involving approximately 15 million current and former clients. According to the motion (.PDF), legacy equipment was decommissioned in 2016 and 2019 that ...

  • Data breach: Broward Health warns 1.3 million patients, staff of ‘medical identity theft’

    January 3, 2022

    This weekend, the Broward Health hospital system notified more than 1.3 million patients and staff members that their personal information was involved in a data breach that started on October 15. In a statement on Saturday, the Florida hospital system said that in addition to names, addresses and phone numbers, Social Security numbers, bank account information ...

  • Top 10 healthcare breaches in the U.S. exposed data of 19 million

    December 31, 2021

    The healthcare sector has been the target of hundreds of cyberattacks this year. A tally of public data breach reports so far shows that tens of millions of healthcare records have been exposed to unauthorized parties. Most of the largest data breaches result from ransomware attacks and the first ten of them account for more than ...

  • T-Mobile confirms SIM swapping attacks led to breach

    December 30, 2021

    T-Mobile has confirmed a data breach that was caused in part by SIM swapping attacks, according to a statement from the company. The T-Mo Report, a blog tracking T-Mobile, obtained internal reports showing that some data was leaked from a subset of customers. Some individuals had their customer proprietary network information (CPNI) leaked, which includes information about ...

  • Fintech firm hit by log4j hack refuses to pay $5 million ransom

    December 29, 2021

    One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply. After the company’s refusal to pay the ransom, threat actors ...

  • Phishing incident causes data breach at West Virginia hospitals

    December 22, 2021

    A hospital system in West Virginia has suffered a data breach resulting from a phishing attack, which gave hackers access to several email accounts. Monongalia Health System — which runs Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company — said that hackers had access to several email accounts from May 10 to August ...