AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • UK: Hundreds of residents’ details shared in data breach

    November 4, 2025

    A council chief has apologised after hundreds of residents’ sensitive data was mistakenly shared online. Some names, addresses, phone numbers and email addresses of 625 people who responded to South Gloucestershire Council’s consultation on 24 October were published online for three days. Once the error was spotted, council officers took “very prompt action” to remove the ...

  • University of Pennsylvania says it has called FBI over data breach

    November 3, 2025

    The University of Pennsylvania says it has called in the Federal Bureau of Investigation after offensive emails were distributed to alumni. In a statement, the university said that a data breach had affected “select information systems.” An email sent to University of Pennsylvania alumni on Friday and reviewed by Reuters showed that someone masquerading as the ...

  • UK: Woman charged after around 100 patient records accessed in data breach

    October 31, 2025

    A woman has been charged after around 100 patients had their medical records accessed in a data breach at NHS Lothian. The health board has written letters to patients affected by the breach, which they say was caused by one individual at Edinburgh Royal Infirmary. A letter dated last month, seen by STV News, says the ...

  • Ransomware gang claims Conduent breach: what you should watch for next [updated]

    October 30, 2025

    Updated – October 30, 2025: New information confirms that Conduent’s 2024 breach has impacted over 10.5 million people, based on notifications filed with multiple state attorneys general. The largest disclosure came from the Oregon government, which reported 10.5 million affected residents. Conduent provides technology services to several US state governments, including Medicaid, child support, and food ...

  • EY exposes 4TB+ SQL database to open internet for who knows how long

    October 29, 2025

    A Dutch cybersecurity outfit says its lead researcher recently stumbled upon a 4TB+ SQL Server backup file belonging to EY exposed to the web, effectively leaking the accounting and consulting megacorp’s secrets. Among the BAK file’s data were API keys, cached authentication tokens, session tokens, service account passwords, and user credentials, Neo Security’s writeup explained. Read more… Source: ...

  • Ireland: Number of passengers affected by data breach not yet clear

    October 26, 2025

    It has not yet clear how many passengers were affected by the data breach relating to boarding passes issued for flights during August, but RTÉ News understands it may be in the hundreds of thousands. In August 3.8 million passenger journeys were made on flights through Dublin Airport. It has not been revealed yet what type ...