AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Millions of Medical Documents for Addiction and Recovery Patients Leaked

    April 22, 2019

    The information includes data on all rehab treatments and procedures, linked with patients’ names and other info. As if wrestling with addiction and recovery weren’t difficult enough, tens of thousands of patients of a rehab clinic in Pennsylvania may find their personal information hijacked and manipulated by identity thieves or extortionists. An ElasticSearch database that was left ...

  • Outlook.com hack much worse than initially thought

    April 15, 2019

    A hack that Microsoft said affected “some” of its users’ email accounts is much worse than initially thought, according to reports. On Saturday, the company confirmed that some users of its email services had been targeted by hackers. But the issue is thought to be much worse than previously reported as the hackers were able to ...

  • Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

    April 13, 2019

    If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the ...

  • Citrix Data Breach – Iranian Hackers Stole 6TB of Sensitive Data

    March 11, 2019

    Popular enterprise software company Citrix that provides services to the U.S. military, the FBI, many U.S. corporations, and various U.S. government agencies disclosed last weekend a massive data breach of its internal network by “international cyber criminals.” Citrix said it was warned by the FBI on Wednesday of foreign hackers compromising its IT systems and stealing ...

  • Email verification service takes itself offline after 800 million records get publicly exposed

    March 8, 2019

    An online email verification service has taken itself offline after approximately 809 million of its customers’ emails were exposed through an unprotected server. Researchers discovered a non-password protected MongoDB instance amounting to 150GB of data split across four separate collections last week. They analysed this exposed data, 808,593,939 records in total, and published their findings on Thursday. The exposed ...

  • Whitefly: Espionage Group has Singapore in Its Sights

    March 6, 2019

    Group behind the SingHealth breach is also responsible for a string of other attacks in the region. In July 2018, an attack on Singapore’s largest public health organization, SingHealth, resulted in a reported 1.5 million patient records being stolen. Until now, nothing was known about who was responsible for this attack. Symantec researchers have discovered that ...