AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Personal Information of 52.5 Million Exposed by New Google+ People API Bug

    December 10, 2018

    “With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days,” said David Thacker, G Suite Product Management VP. “In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019.” Google discovered the bug in ...

  • Senators Push for Data Breach and Privacy Legislation Following Marriot Breach

    December 3, 2018

    U.S. Democrat Senators Mark Warne, Ed Markey, and Richard Blumenthal published statements asking for the passage of data security and consumer privacy legislation by the Congress following the Marriot International hotel chain breach. The Marriott hotel chain disclosed a huge data breach on November 30 which affected 500 million customers who had their data stored in ...

  • 500 Million Marriott Guest Records Stolen in Starwood Data Breach

    November 30, 2018

    The world’s biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W ...

  • Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach

    November 29, 2018

    British and Dutch data protection regulators Tuesday hit the ride-sharing company Uber with a total fine of $1,170,892 (~ 1.1 million) for failing to protect its customers’ personal information during a 2016 cyber attack involving millions of users. Late last year, Uber unveiled that the company had suffered a massive data breach in October 2016, exposing names, email ...

  • Dell announces security breach

    November 28, 2018

    US-based hardware giant Dell announced today a security breach that took place earlier this month, on November 9. Dell says it detected an unauthorized intruder (or intruders) “attempting to extract Dell.com customer information” from its systems, such as customer names, email addresses, and hashed passwords. The company didn’t go into details about the complexity of the ...

  • 500K Italian Public Administration Email Accounts Compromised By Targeted Attack

    November 21, 2018

    500,000 certified Italian public administration emails were compromised by hackers who specifically targeted the Italian Comitato Interministeriale per la Sicurezza della Repubblica (CISR) as reported by Difesa e Sicurezza. Although CISR was the primary target, the hackers also compromised certified emails related to other Italian public administration agencies according to Roberto Baldoni, the Deputy Director of the ...