AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ireland fines Meta 91 mn euros over EU data breach

    September 27, 2024

    An Irish regulator helping to police European Union data privacy said Friday it had fined Facebook-owner Meta 91 million euros ($102 million) for password-security breaches. The Data Protection Commission criticised Meta for failing to put in place appropriate security measures to protect users’ password data and for taking too long to alert the regulator over the ...

  • UK data watchdog investigating MoneyGram data breach

    September 27, 2024

    The U.K.’s data protection regulator has confirmed it’s investigating MoneyGram after receiving a data breach report from the U.S.-based money transfer giant. The U.K.’s Information Commissioner’s Office, which requires that organizations report data breaches within 72 hours of discovering the incident, confirmed to TechCrunch on Friday that the watchdog had received a report from MoneyGram following ...

  • Australia’s biggest medical imaging provider I-MED data breach exposes tens of thousands of patient files

    September 26, 2024

    Tens of thousands of patients from Australia’s biggest medical imaging provider I-MED have had swaths of sensitive health and personal information exposed in a data breach using details that have been public for a year. This information includes medical reports, scan images, names, addresses and other details that were stored in I-MED’s internal systems, which were ...

  • 100 million+ US citizens have records leaked by background check service

    September 23, 2024

    A background check left a huge database unprotected online containing 2.2TB of people’s data, according to research by Cybernews. The database was left passwordless and easily accessible to anyone on the internet by background check firm MC2 Data. MC2 Data gathers publicly available data to provide decision makers with information whether someone can rent a house, ...

  • UK: Customer data exposed in Harvey Nichols data breach

    September 22, 2024

    Luxury British department store has announced that it has been the victim of a data breach, in a notification sent to affected customers. The incident, which the store discovered on 16th September, involved the compromise of sensitive data such as names, email addresses, phone numbers and home addresses. Read more… Source: Computing News Sign up for our Newsletter Related:

  • Philippines: Department of Foreign Affairs concerned over data breach at passport printing unit

    September 21, 2024

    The Department of Foreign Affairs (DFA) of the Philippines has announced that they’re really concerned over the data breach at APO Production Unit – a government-owned and controlled corporation (GOCC) in charge of printing passports. During a Senate finance subcommittee hearing on the agency’s proposed budget for 2025, DFA Office of Consular Affairs Assistant Secretary Adelio ...