AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Timehop breach hits 21 million users due to a lack of 2FA on cloud services

    July 9, 2018

    Timehop, a service that surfaces a user’s past social media content, has revealed a security breach that hit the company on July 4, and resulted in a database of 21 million users hit. As a result, the company has voided all social media authorisation tokens it held, and is alerting its users. Around 4.7 million phone numbers were breached, ...

  • Fortnum & Mason data breach: 23,000 customers’ details accessed

    July 3, 2018

    The data of thousands of Fortnum & Mason customers, including addresses and contact phone numbers, has been accessed after a breach on a form on its website. The 310-year-old food shop, known as the “Queen’s grocer”, has become the latest company to fall victim to an attack. About 23,000 people who filled out a survey or took ...

  • Adidas US breach may have exposed millions of customers’ personal info

    June 29, 2018

    Adidas warned late on Thursday that hackers may have lifted customer data from its US website. The sportswear maker said personal data, including contact information (addresses and email addresses), and encrypted passwords may have fallen into the hands of criminals, but was able to reassure customers that neither financial nor fitness information was at risk. Read more… Source: The Register  

  • Dixons Carphone prepare for backlash following data breach

    June 21, 2018

    Firm faces possible fine under GDPR after data breach went undetected Dixons Carphone faces further woes as its full-year earnings were hit, as it battle against the backlash of a serious cyber breach revealed last week. Falling gross profits and a plummeting share price were expected as the investigation continues into the data breach that compromised ...

  • Yahoo fined £250,000 by UK watchdog over data breach

    June 13, 2018

    The UK Information Commissioner’s Office (ICO) has fined Yahoo £250,000 over a data breach which occurred in 2014. The data breach resulted in the theft of at least 500 million records. It is believed that names, email addresses, telephone numbers, dates of birth, hashed passwords, and some “encrypted or unencrypted security questions and answers” were compromised. Yahoo has ...

  • MyHeritage Says Over 92 Million User Accounts Have Been Compromised

    June 5, 2018

    MyHeritage, the Israel-based DNA testing service designed to investigate family history, has disclosed that the company website was breached last year by unknown attackers, who stole login credentials of its more than 92 million customers. The company learned about the breach on June 4, 2018, after an unnamed security researcher discovered a database file named “myheritage” ...