AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Major data breach impacts Australian hardware store

    September 19, 2024

    About 40,000 customers of a major hardware chain have had their data leaked by hackers, including credit card details, mobile numbers and email addresses. Total Tools has fallen victim to a cyber attack which was first identified earlier this week. Total Tools chief executive Richard Murray said on Thursday they were confident the cause of the ...

  • Indonesia’s tax agency probes alleged personal data breach

    September 19, 2024

    Indonesia’s tax agency is investigating an alleged data breach that exposes the taxpayer identification numbers of millions of Indonesians, including President Joko “Jokowi” Widodo, his ministers and his two sons, an official said. A series of cyber-attacks have hit Indonesian companies and government agencies in the past few years, which experts attribute to the government’s lax ...

  • Cyber attack on city of Wichita limited to police records, internal investigation finds

    September 19, 2024

    A ransomware attack that crippled the city of Wichita’s network for more than a month starting in May was limited to a Wichita Police Department records system, city officials said Wednesday. That means the Russian hacker group — LockBit — that claimed credit for the attack did not access bank card numbers, social security numbers or ...

  • Hacker claims to have for sale 87 million strong database after suspected Temu breach

    September 18, 2024

    A cybercriminal claims to have breached Temu and stolen millions of customer records, but the ecommerce giant is vehemently denying the claims. A hacker with the alias ‘smokinthashit’ took to BreachForums, one of the most popular underground forums out there, and advertised a new database, allegedly stolen from the company. “Temu company database for sale. +87M ...

  • Almost 500GB of data allegedly leaked in RansomHub attack on Kawasaki

    September 18, 2024

    Kawasaki Motors Europe (KME) recently released a statement confirming it was the victim of a cyber attack. The attack caused significant service disruptions as the cybercriminals threatened to release stolen data. KME confirmed, “At the start of September, Kawasaki Motors Europe (KME) was the subject of a cyberattack which, although not successful, resulted in the company’s ...

  • AT&T to pay $13 million to settle FCC probe over cloud data breach

    September 17, 2024

    AT&T has agreed to pay $13 million to settle a federal investigation into whether the mobile phone service provider failed to protect customer information in connection with a data breach last year, the Federal Communications Commission said Tuesday. The FCC’s probe focused on how AT&T’s privacy, cybersecurity and vendor management practices may have played a role ...