AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Accellion zero-day claims a new victim in cybersecurity company Qualys
March 4, 2021
Qualys has revealed that a “limited” number of customers may have been impacted by a data breach connected to an Accellion zero-day vulnerability. The cloud security and compliance firm said on Wednesday that the security incident did not have any “operational impact,” but “unauthorized access” had been obtained to an Accellion FTA server used by the ...
- Maza Russian cybercriminal forum suffers data breach
March 4, 2021
The Maza cybercriminal forum has reportedly suffered a data breach leading to the leak of user information. On March 3, Flashpoint researchers detected the breach on Maza — once known as Mazafaka — which has been online since at least 2003. Maza is a closed and heavily-restricted forum for Russian-speaking threat actors. The community has been connected ...
- Malaysia Airlines suffers data security ‘incident’ spanning nine years
March 2, 2021
Malaysia Airlines has suffered a data security “incident” that compromised personal information belonging to members of its frequent flyer programme, Enrich. The breach is purported to have occurred at some point during a period that spans almost a decade and involves a third-party IT service provider. The airline had sent out an emailer to Enrich members ...
- Passwords, Private Posts Exposed in Hack of Gab Social Network
March 1, 2021
Distributed Denial of Secrets (DDoSecrets), a self-proclaimed “transparency collective,” claim they have received more than 70 gigabytes of data exfiltrated from social media network Gab. Gab, which touts itself as “a social network that champions free speech, individual liberty and the free flow of information online” has drawn in various alt-right and far-right users. A hacker ...
- Npower withdraws mobile app after hackers steal personal details
February 27, 2021
Npower has permanently withdrawn its mobile app after hackers used it to access its customers’ personal details, including the sort codes and the last four digits of their bank accounts. The hack, which cybersecurity experts said left the firm’s customers “wide open to fraud”, is understood to have taken place around the start of February. The company ...
- Dutch Research Council (NWO) confirms ransomware attack, data leak
February 26, 2021
The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang. The hackers gained access to NWO’s network on February 8 and stole internal documents, threatening with leaking them unless the organization paid a ransom. Since NWO does not cooperate with ...

