AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Canvas maker Instructure reveals data breach — confirms user personal information leaked

    May 5, 2026

    Instructure, the edtech giant behind the popular Canvas learning system, has confirmed suffering a cyberattack and losing sensitive customer data. The company issued a brief statement, confirming the hit, “While our investigation continues alongside our outside forensics experts, at this stage we believe the incident has been contained,” the notice reads. Instructure said the crooks accessed ...

  • Trellix confirms data breach after hack of ‘a portion’ of its source code

    May 5, 2026

    Cybersecurity giant Trellix has confirmed suffering a cyberattack in which threat actors accessed parts of its source code. In a brief announcement published on its website, Trellix said it had identified “unauthorized access to a portion of source code repository”. As soon as it spotted the intrusion, the company brought in third-party security experts to ...

  • More PayPal emails hijacked to deliver tech support scams

    April 30, 2026

    Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices. In those cases, scammers created a PayPal subscription and then paused it, which triggered PayPal’s genuine “Your automatic payment is no longer ...

  • French prosecutors link 15-year-old to mega-breach at state’s secure document agency

    April 30, 2026

    French prosecutors say police detained a 15-year-old on April 25 over the alleged theft of millions of records from France Titres (ANTS), the agency handling secure documents. The Paris Prosecutor’s Office announced on Thursday that the minor, suspected of using the online alias “breach3d” and not named because French law protects minors, faces two computer crime ...

  • Hackers stole hundreds of thousands of Roblox accounts

    April 30, 2026

    More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date. Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 ...

  • Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak

    April 29, 2026

    Logistics technology company Pitney Bowes, which makes franking machines for US postage, is the latest scalp claimed by ShinyHunters and its ongoing spree of pay-or-leak attacks against major organizations. Data breach tracker Have I Been Pwned (HIBP) confirmed the breach on April 27, with 8.2 million unique email addresses included in the dump alongside names, phone ...