AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Bouygues Telecom data breach could affect millions of customers
August 8, 2025
French telco giatn Bouygues Telecom has confirmed suffering a cyberattack in which it lost sensitive customer data. In a short announcement published on its website, the company said it detected the attack on August 4, and following an investigation, determined threat actors stole people’s contact details, contract data, civil status data (or company details), and IBAN ...
- Taiwan arrests 6 in probe of TSMC chip technology leak
August 6, 2025
Taiwan prosecutors arrested six people suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co (TSMC), opening an investigation into a potential breach of national security involving a global tech industry linchpin. The chipmaker to Nvidia reported a number of former and current staff to authorities on suspicion they illegally obtained core technology. A total of ...
- Hacker used a voice phishing attack to steal Cisco customers’ personal information
August 5, 2025
A cybercriminal tricked a Cisco representative into granting them access to steal the personal information of Cisco.com users, the company said on Tuesday. Cisco said it discovered the breach on July 24, blaming the incident on a voice phishing or “vishing” call. The hackers accessed and exported “a subset of basic profile information” from the database ...
- Data breach at Central Maine Healthcare exposes patient information
August 1, 2025
Central Maine Healthcare says an unauthorized party gained access to its network on March 19th, and they kept that access until June 1st. After a weeks-long shut down of phone and online services, Central Maine Healthcare officials say patient data was likely compromised during a two and a half month period where a hacker gained access ...
- Singapore: Critical information infrastructure owners must report suspected advanced cyberattacks under new rules
July 29, 2025
Owners of Singapore’s critical information infrastructure (CII) will soon be required to report any incidents suspected to be caused by advanced persistent threats (APTs), a type of prolonged cyberattack typically carried out by well-resourced threat actors. The reports must be made to the Cyber Security Agency of Singapore (CSA), said Minister for Digital Development and Information ...
- NASCAR confirms user data breach following Medusa ransomware attack
July 28, 2025
NASCAR has confirmed it suffered a cyberattack and a data breach in April 2025 which saw personal information of racing fans allegedly stolen. The organization filed data breach reports with attorneys general in multiple US states, describing what had happened, and how it responded, noting the attack started on March 31, 2025, and was spotted – ...

