AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • LockBit demands $25 million from Canadian pharmacy chain London Drugs after ransomware attack

    May 23, 2024

    The recent cyber-incident against Canadian pharmacy chain London Drugs was indeed a full-blown ransomware attack, with sensitive data being stolen, and a major ransom being demanded, the company has confirmed. In a statement given to The Register, the company said it had been hit, but stressed it also had no intention of paying the ransom demand. ...

  • Optus sued by regulator over 2022 cyber-attack

    May 23, 2024

    Australia’s Communications and Media Authority (ACMA) has begun legal action against Optus, the country’s second largest telco, over a data breach it suffered in 2022. The watchdog has filed legal proceedings to the Federal Court, alleging that Optus “failed to protect the confidentiality of its customers’ personal information from unauthorised interference or unauthorised access,” and was ...

  • London council warns residents’ data may have been compromised by cyber attack on healthcare provider

    May 22, 2024

    A London council has warned residents their personal data may have been compromised after a healthcare provider was hit by a cyber attack. The City of London Corporation said it is working with NRS Healthcare to understand the extent of the breach, and will be in contact with any residents whose information has been taken. The ...

  • Patriot Mobile Suffers Data Breach Impacting Subscriber’s Personal Data

    May 21, 2024

    U.S. mobile service provider Patriot Mobile fell victim to a security incident resulting in the leak of subscriber details including names, email addresses, zip codes, and account PINs, as reported by TechCrunch. The operator, Patriot Mobile, which boasts itself as a “Christian conservative wireless provider” with an estimated customer base under 100,000, has been seen endorsing ...

  • Western Sydney University staff, students caught in cyber attack

    May 21, 2024

    About 7500 staff and students have been caught up in a massive cyber attack at Western Sydney University. Police are investigating the breach, which the university says dates as far back as May 2023, when an unauthorised party got into the Microsoft Office system and accessed email accounts and SharePoint files. WSU says they have not ...

  • Medusa announced attack on John R. Wood Christie’s International Real Estate group

    May 20, 2024

    No patron information was compromised in a recent ransomware attack against John R. Wood Christie’s International Real Estate by a cyber gang known as Medusa, according to the company. Medusa announced the attack on its site, claiming it had stolen more than 1 terabyte of Wood data. The gang demanded $2 million from the real estate ...