AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Amazon suffers data breach days before Black Friday

    November 21, 2018

    Amazon has suffered a data breach just days before Black Friday – and the company was tight-lipped about whether it had notified the British data protection authorities. Multiple Register readers forwarded us emails sent from Amazon’s UK tentacle informing them that the online sales site had “inadvertently disclosed name and email address due to a technical error”. The ...

  • USPS Site Exposed Data on 60 Million Users

    November 21, 2018

    U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous. The researcher said ...

  • True Identity of Notorious Hacker tessa88 Revealed

    November 20, 2018

    In early 2016, a previously unknown hacker operating under the alias of tessa88 publicly emerged after offering an extensive list of compromised, high-profile databases for sale. The hacker offered for sale the databases of companies such as VKontakte, Mobango, Myspace, Badoo, QIP, Dropbox, Rambler, LinkedIn, and Twitter, among others. Within several months of incredibly active ...

  • The US Office of Personnel Management Systems Are Still Insecure

    November 14, 2018

    The security posture of the Office of Personnel Management has improved drastically and by the end of the year, the agency is on track to meeting almost all recommendations the US Government Accountability Office (GAO) made over the past two years. Full compliance is expected by the end of 2019. GAO carried out between February 2015 ...

  • Radisson Hotel Group suffers data breach, customer info leaked

    November 1, 2018

    The chain accounts for over 1,400 hotels in over 70 countries and includes the Park Plaza brand, Country Inn & Suites, Park Inn, and Radisson Collection. Radisson Rewards members were directly informed on October 30 and 31 that a security incident was discovered on the first of the month which may have involved the leak of ...

  • Australian defence contractor Austal hit by data breach

    November 1, 2018

    Australian prime defence contractor and shipbuilder Austal informed  the Australian Securities Exchange (ASX) of a data breach after the market closed on Thursday evening. The company said it alerted “stakeholders” who were potentially hit by the breach, but said no information affecting national security or the company’s operations was stolen, although a number of staff emails and ...