AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyber-attack on UK contractor affects islanders
August 28, 2025
A personal data breach at a Disclosure and Barring Service (DBS) contractor has affected some people in Guernsey, officials have said. The Office of the Data Protection Authority (ODPA) said that UK-based company Access Personal Checking Services Ltd (APCS) had been notified that a third-party contractor had been subject to a cyber incident. APCS said the ...
- TransUnion says hackers stole 4.4 million customers’ personal information
August 28, 2025
Credit reporting giant TransUnion has disclosed a data breach affecting more than 4.4 million customers’ personal information. In a filing with Maine’s attorney general’s office on Thursday, TransUnion attributed the July 28 breach to unauthorized access of a third-party application storing customers’ personal data for its U.S. consumer support operations. TransUnion claimed “no credit information was ...
- A new security flaw in TheTruthSpy phone spyware is putting victims at risk
August 25, 2025
A stalkerware maker with a history of multiple data leaks and breaches now has a critical security vulnerability that allows anyone to take over any user account and steal their victim’s sensitive personal data, TechCrunch has confirmed. Independent security researcher Swarang Wade found the vulnerability, which allows anyone to reset the password of any user of ...
- Massive data breach sees 16 million PayPal accounts leaked online
August 22, 2025
Hackers recently announced on a well-known forum that they were selling a dataset of 15.8 million stolen PayPal credentials, allegedly including login emails and plaintext passwords. The cybercriminals claim the information was stolen in May 2025, and the dataset contains not just emails and passwords but also associated URLs, making it easier for criminals to automate ...
- Orange Belgium informs its customers about a cyberattack
August 20, 2025
At the end of July, Orange Belgium detected a cyberattack on one of its IT systems, resulting in unauthorised access to certain data from 850,000 customer accounts. No critical data was compromised: no passwords, email addresses, bank or financial details were hacked. However, the hacker gained access to one of our IT systems containing the following ...
- Australia’s second-largest internet provider iiNet customers’ data exposed in cyber attack
August 19, 2025
Hundreds of thousands of customers of Australia’s second-largest internet provider have had their email addresses or phone numbers compromised in a cyber attack. A list of about 280,000 active email addresses and roughly 20,000 active landline phone numbers were extracted from iiNet’s order management system, parent company TPG said. Another 10,000-odd iiNet user names, street addresses ...

