AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • How your stolen personal data is sent to the dark web, and what hackers can do with it

    February 10, 2019

    “It’s 6.5 billion now,” the cybersecurity specialist says, standing in his office in Kowloon, Hong Kong, overlooking a control room where glowing computer screens display the pulse being taken of nefarious web activity. One dial acts as an algorithm-generated odometer for internet threat levels, while a pulsing world map shows regions from which cyberattacks and ...

  • Collections #2-5 unearthed with 2.2 billion unique records now exposed online

    February 1, 2019

    Researchers have established that more than 600GB of personal information is circulating online after finding a monster cache of four additional ‘Collection’ folders. The Collection #1 leak discovered earlier this month was considered one of the largest leakages of personal data in history, with more than 773 million unique email addresses, and 22 million passwords, found ...

  • Airbus data breach impacts employees in Europe

    January 30, 2019

    European aerospace corporation Airbus disclosed today a security breach that impacted its commercial aircraft manufacturing business. The company said the security breach “resulted in unauthorised access to data.” According to a press release published earlier today, Airbus said that “some personal data was accessed,” but “mostly professional contact and IT identification details of some Airbus employees in Europe.” Read more… Source: ...

  • Massive Collection #1 leak exposes 773m unique records online

    January 17, 2019

    Nearly 2.7 billion records containing up to 800 million unique email addresses and more than 21 million unique passwords have been compromised and published online. The massive data leak, dubbed Collection #1, is made up of individual breaches from “literally thousands of different sources”, according to security researcher Troy Hunt, who announced his findings in a blog ...

  • Unprotected Government Server Exposes Years of FBI Investigations

    January 17, 2019

    A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case ...

  • Over 202 Million Chinese Job Seekers’ Details Exposed On the Internet

    January 10, 2019

    Cybersecurity researcher has discovered online a massive database containing records of more than 202 million Chinese citizens that remained accessible to anyone on the Internet without authentication until last week. The unprotected 854.8 gigabytes of the database was stored in an instance of MongoDB, a NoSQL high performance and cross-platform document-oriented database, hosted by an American ...