AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Change Healthcare faces another ransomware threat – and it looks credible

    April 12, 2024

    For months, Change Healthcare has faced an immensely messy ransomware debacle that has left hundreds of pharmacies and medical practices across the United States unable to process claims. Now, thanks to an apparent dispute within the ransomware criminal ecosystem, it may have just become far messier still. In March, the ransomware group AlphV, which had claimed ...

  • Dutch chipmaker Nexperia hacked by cyber criminals

    April 12, 2024

    Dutch-headquartered chipmaker Nexperia was victim of a hacking attack by cyber criminals last month, the Chinese-owned company said on Friday, and was investigating the incident with the help of outside specialists. The company did not say if it had suffered any damage or losses as a result of the hack, but RTL said the cyber criminals ...

  • Roku says more than 500,000 accounts impacted in cyberattack

    April 12, 2024

    Streaming service provider Roku said on Friday it identified a second cyberattack that impacted about 576,000 additional accounts while investigating a breach that affected 15,000 user accounts earlier this year. The company, which had more than 80 million active accounts, said the hackers did not gain access to any sensitive information such as full credit card ...

  • Northern Ireland: No disciplinary action over multimillion-pound PSNI data breach

    April 11, 2024

    Jon Boutcher said the error that is set to cost hundreds of millions of pounds was due to a systems failure, as he insisted he not would preside over a “blame culture” within the PSNI. In August last year the details of almost 9,500 PSNI officers and staff were mistakenly published in response to a Freedom ...

  • Government Consulting Firm GMA Reports a Massive Data Breach That Revealed 341,650 Social Security Numbers

    April 10, 2024

    In the ever-evolving digital landscape, where data breaches seem to be more of a certainty than a possibility, the recent revelation by Greylock McKinnon Associates (GMA) marks a significant moment of concern for privacy advocates, cybersecurity professionals, and individuals alike. The breach, exposing a staggering 341,650 Social Security numbers, has cast a spotlight on the urgent ...

  • NHS board warns patients of further data leak after cyber attack

    April 9, 2024

    An NHS board has warned patients that further personal information could be leaked by cyber criminals who stole medical data in a major cyber attack. A large amount of confidential data was taken from NHS Dumfries and Galloway during a sustained hacking attack. Last week, INC Ransom, an extortion operation, posted a message on its dark ...