AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Nearly one million credit cards offered on underground forum
August 10, 2021
Researchers with D3Lab have discovered the data of almost one million credit card holders being sold on an underground forum, according to a blog post released this week. In a sample of 980,930 files acquired by D3Lab analysts on Monday, the batch contained names, addresses, credit card numbers, expirations and CVVs. Read more… Source: ZDNet
- DOJ: SolarWinds hackers breached emails from 27 US Attorneys’ offices
July 30, 2021
The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys’ offices were breached by the Russian Foreign Intelligence Service (SVR) during the SolarWinds global hacking spree. “The APT is believed to have access to compromised accounts from approximately May 7 to December 27, 2020,” the DOJ said ...
- Northern Ireland’s COVID certification service suspended after data leak
July 28, 2021
Northern Ireland’s Department of Health (DoH) has temporarily halted its COVID-19 vaccine certification online service following a data exposure incident. Some users of COVIDCert NI app were presented with data of other users, under certain circumstances, says the Department. As seen by BleepingComputer, neither the web service nor the mobile app functionality is accessible at the time ...
- UC San Diego Health discloses data breach after phishing attack
July 27, 2021
UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health is one of the nation’s best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. ...
- Gun owners’ fears after Guntrader.uk data breach
July 23, 2021
Thousands of names and addresses belonging to UK customers of a leading website for buying and selling shotguns and rifles have been published to the dark web following a “security breach”. Guntrader.uk told the BBC it learned of the breach on Monday and had notified the Information Commissioner’s Office. Police, including the National Crime Agency, are investigating. Read ...
- Law firm Campbell Conroy & O’Neil warned clients of ransomware data breach
July 20, 2021
Law firm Campbell Conroy & O’Neil has warned of a breach from late February which may have exposed data from the company’s lengthy client list of big-name corporations including Apple and IBM. The breach, which was discovered on 27 February 2021 when a ransomware infection blocked access to selected files on the company’s internal systems, has ...

