AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Twitch source code, business data, gamer payouts leaked in massive hack

    October 6, 2021

    An unknown hacker has leaked the entirety of Twitch’s source code among a 128 GB trove of data released this week. The hack, first reported by Video Games Chronicle and confirmed by multiple sources, includes: The entirety of twitch.tv, with commit history going back to its early beginnings Mobile, desktop and console Twitch clients Creator payout reports from 2019 Proprietary ...

  • 3.1M Neiman Marcus Customer Card Details Breached

    October 1, 2021

    Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just this week, Neiman Marcus acknowledged the compromise, ...

  • Epik Confirms Hack, Gigabytes of Data on Offer

    September 21, 2021

    Epik, the domain registrar known for hosting several large right-wing organizations, has confirmed a hack of its systems, a week after attackers branding themselves with the Anonymous hacktivist collective label said that the group had obtained and leaked gigabits of data from the hosting company, including 15 million email addresses. “On September 15, we confirmed that ...

  • UK: 250 Afghan interpreters’ details in data breach, MoD confirms

    September 21, 2021

    The Ministry of Defence has launched an investigation into a data breach involving the details of 250 Afghan interpreters. An MoD spokeswoman told Sky News 250 email addresses are part of the breach, but it is not yet known if they contain the names or photos of the translators involved. The breach was carried out by the ...

  • Is it OK to use stolen data? What if it’s scientific research in the public interest?

    September 20, 2021

    There’s a fine line between getting hold of data that may be in the public interest and downright stealing data just because you can. And simply because the data is out there – having been stolen by online intruders and then leaked – does not mean it is right to use it. A paper published in ...

  • Stolen Credentials Led to Data Theft at United Nations

    September 10, 2021

    A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed. That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to “further attacks” ...