AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- 23andMe settles data breach lawsuit for $30 million
September 14, 2024
23andMe will pay $30 million and provide three years of security monitoring to settle a lawsuit accusing the genetics testing company of failing to protect the privacy of 6.9 million customers whose personal information was exposed in a data breach last year. The accord also resolves accusations that 23andMe did not tell customers with Chinese and ...
- I stole 20 GB of data from Capgemini – and now I’m leaking it, says cybercrook
September 13, 2024
A miscreant claims to have broken into Capgemini and leaked a large amount of sensitive data stolen from the technology services giant – including source code, credentials, and T-Mobile’s virtual machine logs. The French multinational IT and consulting firm did not immediately respond to The Register’s request for comment, and has yet to formally confirm or ...
- Fortinet confirms data breach after allegedly refusing to pay ransom
September 13, 2024
In an announcement posted on Fortinet’s website, the company said that someone gained access to a “limited number of files” stored on its instance of an unnamed third-party cloud-based shared file drive. The files included “limited data related to a small number of Fortinet customers,” the announcement added, stating that this affects less than 0.3% of ...
- Data breach gives hackers access to 1.7 million people’s credit card details
September 10, 2024
Canadian payment gateway provider Slim CD was hit by a cyberattack which has affected almost 1.7 million US and Canadian users. The company first detected suspicious activity in its system on June 15 2024, however an investigation revealed the system had first been breached on August 17 2023, meaning hackers had access to its network for ...
- Nearly 1M Medicare beneficiaries potentially affected after data breach
September 10, 2024
Nearly 1 million Medicare beneficiaries are being warned that their personal information may have been compromised in a cybersecurity incident last year. The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS), the contractor that utilized the affected MOVEit software, said last week that 946,801 people on Medicare were notified that ...
- Thousands of Avis car rental customers had personal data stolen in cyberattack
September 9, 2024
Car rental giant Avis is notifying hundreds of thousands of people that their personal information and driver’s license numbers were stolen in an August cyberattack. The New Jersey-headquartered company said in a data breach notice filed with several U.S. attorneys general over the past week that it discovered intruders in one of its business applications on ...

