AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Why Cloud Misconfigurations Remain A Top Cause Of Data Breaches
April 8, 2025
It’s 2025, and the industry has built some of the most advanced cloud environments ever seen—automated deployments, real-time threat detection and infrastructure that scales with just a few lines of code. Yet, data breaches aren’t slowing down—why? Because a single misconfiguration—often as simple as an overly permissive IAM role or an exposed storage bucket—can wreck everything. ...
- Massive Europcar data breach affects around 200,000 customers
April 7, 2025
Europcar has reportedly suffered a data breach in which it lost sensitive data on hundreds of thousands of customers. A threat actor with the alias ‘Europcar’ posted a new thread in an underground forum, claiming to have “successfully breached Europcar’s systems and obtained all their GitLab repositories”. As a result, the attacker took more than 9,000 ...
- Security firm Check Point confirms data breach, but says users have nothing to worry about
April 1, 2025
A hacker is claiming to have stolen a “highly sensitive” dataset from Check Point – but the company is looking to play down any concerns users might have. The cybercriminal, going by the name of CoreInjection, posted about the dataset of compromised Check Point files on a cybercrime forum – and alleges that the information contains ...
- GCHQ worker admits taking top secret data home
March 31, 2025
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone. Hasaan Arshad, 25, pleaded guilty to an offence under the Computer Misuse Act on what would have been the first day of his trial at the Old Bailey in London. The charge related to committing ...
- Oracle grapples with dual data breaches
March 31, 2025
Oracle is dealing with the fallout of a double data breach — one exposing patient data at US hospitals, and another raising concerns about its cloud security. Reports over the weekend suggest a breach at Oracle Health, formerly known as Cerner, has impacted multiple US healthcare organisations and hospitals. Threat actors are believed to have stolen ...
- UK: NHS software provider fined £3m over data breach after ransomware attack
March 27, 2025
An NHS software provider has been fined £3m by the Information Commissioner’s Office (ICO) over security failings that led to a ransomware attack on the NHS. The Advanced Computer Software Group was fined for a breach that put personal information of 79,404 people at risk, the UK’s data protection watchdog said. The firm provides IT and ...

