AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • 200M Adult Cam Model, User Records Exposed in Stripchat Breach

    November 16, 2021

    A database containing the highly sensitive information on both users and models on the popular adult cam site StripChat were discovered online, left completely unprotected. The data exposure puts models and users at risk of extortion, violence and more. Stripchat is a popular site founded in 2016 and based in Cyprus that sells live access to ...

  • Robinhood Trading Platform Data Breach Hits 7M Customers

    November 9, 2021

    Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers – roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers. The trading platform, which found itself in the middle of ...

  • UK Labour Party data breach: Supporters’ details affected in cyberattack

    November 3, 2021

    The Labour Party has confirmed that details of its members and supporters is among information affected by a “cyber incident” at a company which handles the party’s data. In a statement sent to all party members on Wednesday, Labour said the “significant” attack was on “‘a third party that handles data on our behalf” and that ...

  • Third-party data breach in Singapore hits healthcare provider

    October 26, 2021

    Another third-party security breach has been reported in Singapore, this time, affecting patients of Fullerton Health and compromising personal data that included bank account details in “a few cases”. The affected vendor Agape Connecting People, which platform facilitates appointment booking, first detected the breach on October 19 and appeared to affect only Fullerton Health. The healthcare ...

  • Hacker sells the data for millions of Moscow drivers for $800

    October 23, 2021

    Hackers are selling a stolen database containing 50 million records of Moscow driver data on an underground forum for only $800. According to Russian media outlets that purchased the database, the data appears to be valid and contains records collected between 2006 and 2019 Russian news publisher Kommersant called a small sample of the exposed individuals and ...

  • BrewDog exposed data for over 200,000 shareholders and customers

    October 8, 2021

    BrewDog, the Scottish brewery and pub chain famous for its crowd-ownership model and the tasty IPAs, has irreversibly exposed the details of 200,000 of its shareholders and customers. The exposure lasted for over 18 months and the point of the leak was the firm’s mobile app, which gives the ‘Equity Punks’ community access to information, discounts ...