AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • 23 million records leaked in Vietnam Airlines–linked data breach

    October 14, 2025

    Vietnam Airlines has confirmed that some customers’ personal information, including full names, email addresses and phone numbers, was exposed in a recent data breach linked to its technology partner’s online customer service platform. In an email sent to customers on Oct. 14, the national carrier said it was alerted after hackers uploaded 23 million customer records ...

  • Harvard Investigating Security Breach After Cybercrime Group Threatens To Release Stolen Data

    October 14, 2025

    Harvard is investigating a data breach after a Russian-speaking cybercrime organization claimed it was preparing to release information stolen through a vulnerability in a software suite used by the University. Clop, an organization that extorts payments from companies to prevent the release of stolen data, announced the breach on its leak site Saturday. The alleged breach ...

  • Qantas says customer data released by cyber criminals months after cyber breach

    October 12, 2025

    Australia’s Qantas Airways said on Sunday that it was one of the companies whose customer data had been published by cybercriminals after it was stolen by a hacker in a July breach of a database containing the personal information of the airline’s customers. The airline said in July that more than a million customers had sensitive ...

  • SonicWall confirms all of its cloud backup customers were affected by data breach

    October 10, 2025

    All companies using SonicWall’s MySonicWall cloud backup feature have had their firewall configuration files exposed in a recent cyberattack, the company has admitted. After initially claiming “fewer than 5%” of its customer base was affected, the company has revealed the true scale of the incident. In mid-September 2025, SonicWall warned its firewall customers to reset their ...

  • UK: Two teenagers arrested over cyber-attack on nursery chain

    October 7, 2025

    Two 17-year-old boys have been arrested by police investigating a cyber-attack on a chain of nurseries in London. The Metropolitan Police say the pair were arrested at residential addresses in Bishop’s Stortford, Hertfordshire, on suspicion of computer misuse and blackmail. Hackers were said to have stolen the photographs, names and addresses of about 8,000 children from ...

  • Security bug in India’s income tax portal exposed taxpayers’ sensitive data

    October 7, 2025

    The Indian government’s tax authority has fixed a security flaw in its income tax filing portal that was exposing sensitive taxpayers’ data, TechCrunch has exclusively learned and confirmed with authorities. The flaw, discovered in September by a pair of security researchers Akshay CS and “Viral,” allowed anyone who was logged into the income tax department’s e-Filing ...