AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Adidas warns of consumer data breach

    May 23, 2025

    German sportswear maker Adidas said on Friday an unauthorised external party had obtained certain consumer data through a third-party customer service provider albeit not passwords or credit card data. “We immediately took steps to contain the incident and launched a comprehensive investigation, collaborating with leading information security experts,” the company said in a statement. Read more… Source: MSN ...

  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials

    May 22, 2025

    The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address. But the new discovery of a massive trove of 184 million records—including Apple, Facebook, and Google logins and credentials for accounts connected to multiple governments—underscores the risks of recklessly ...

  • Broadcom hit by employee data theft after breach in supply chain

    May 19, 2025

    Customers of the global semiconductor giant Broadcom have had their sensitive data leaked on the dark web after a two-step supply chain attack. Apparently, a company called Business Systems House (BSH), a human capital management (HCM) services provider from the Middle East, suffered a ransomware attack in September 2024, in which a group known as El ...

  • Cocospy stalkerware apps go offline after data breach

    May 19, 2025

    A trio of phone surveillance apps, which was caught spying on millions of people’s phones earlier this year, has gone offline. Cocospy, Spyic, and Spyzie were three near-identical but differently branded stalkerware apps that allowed the person planting one of the apps on a target’s phone access to their personal data — including their messages, photos, ...

  • UK: Legal Aid database hacked, ‘significant amount’ of data and criminal records stolen

    May 19, 2025

    The UK’s Ministry of Justice (MoJ) has revealed that a cyberattack on the Legal Aid system has led to the theft of a “significant amount” of data, including criminal records. The MoJ was alerted to the attack on April 23 when data dating back as far as 2010 was accessed by the attackers. Earlier this month, ...

  • Fashion giant Dior confirms customer data accessed in cyber attack

    May 15, 2025

    Luxury French fashion brand Dior is the latest high-profile retail firm to be hit by a cyber attack. In a statement, Dior said customer data was accessed as a result, however, no financial information was impacted. The incident comes in the wake of a number of UK retailers, including Marks and Spencer and Co-op, being hit ...