AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bulgaria’s hacked database is now available on hacking forums
July 18, 2019
The database of Bulgaria’s National Revenue Agency (NRA), which was hacked over the weekend and sent to local reporters, is now being shared on hacking forums, ZDNet has learned from sources in the threat intelligence community. Download links to the hacked database have been shared by a hacked data trader known as Instakilla, believed to be operating out of ...
- Marriott Hit With $123M Fine For Massive 2018 Data Breach
July 9, 2019
The U.K.’s privacy watchdog is hitting Marriott International with a $123 million (£99 million) penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office (ICO) and comes only a day after the organization proposed a record $230 million fine against British Airways for its ...
- Hackers breached Greece’s top-level domain registrar
July 9, 2019
State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s top-level domain country codes of .gr and .el. ICS-Forth, which stands for the Institute of Computer Science of the Foundation for Research and Technology, publicly admitted to the security incident in emails it sent ot domain owners on April 19. The hackers behind the breach are the same group ...
- MongoDB Leak Exposed Millions of Medical Insurance Records
June 28, 2019
Millions of records containing personal information and medical insurance data were exposed by a database belonging to insurance marketing website MedicareSupplement.com. An online database belonging to insurance marketing website MedicareSupplement.com was found exposing more than 5 million records with personal information. MedicareSupplement.com is a U.S.-based marketing site that allows users to find supplemental medical insurance available in their ...
- Massive Quest Diagnostics data breach impacts 12 million patients
June 4, 2019
A massive data breach has struck Quest Diagnostics and the information of up to 11.9 million patients has potentially been compromised. On Monday, the US clinical laboratory said that American Medical Collection Agency (AMCA), a billing collections provider that works with Quest, informed the company that an unauthorized user had managed to obtain access to AMCA systems. Through the ...
- Unsecured database exposes 85GB in security logs of major hotel chains
May 30, 2019
An unsecured database that exposed the security logs — and therefore potential cybersecurity weaknesses — of major hotels including Marriott locations has been uncovered by researchers. VpnMentor researchers Noam Rotem and Ran Locar published their findings on Thursday, noting that multiple hotels have been embroiled in the security incident. The team, including co-founder of vpnMentor Ariel Hochstadt, uncovered the problematic server ...

