AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • UK: Warning to ‘stay on guard’ after Leicester council cyber-attack

    April 5, 2024

    People have been told to “stay on their guard” after a cyber-attack on Leicester City Council. Police were alerted after the authority was forced to disable its phone and computer systems on 7 March. While about 25 documents have been posted by the apparent attackers, they claim to have a much larger number. Read more… Source:,BBC News  

  • OWASP Foundation reveals data breach following Wiki web server issue

    April 2, 2024

    The Open Worldwide Application Security Project (OWASP) suffered a data breach in late February 2024 resulting in the exposure of sensitive data belonging to some of its members. In an announcement published on the OWASP website, Executive Director Andrew van der Stock confirmed the breach and explained that it happened due to a misconfiguration of an ...

  • Prudential Financial February incident exposed data of nearly 37K customers

    April 2, 2024

    Prudential Financial disclosed that 36,545 individuals had personal information stolen in an early February breach that was claimed by ALPHV/BlackCat, the group also responsible for the Change Healthcare ransomware attack. In a letter to consumers March 29, the large insurance company said the stolen personal data includes names, addresses, driver’s license numbers, and non-driver identification card ...

  • Top yacht retailer MarineMax says cyberattack led to major online data breach

    April 2, 2024

    MarineMax has confirmed suffering a cyberattack, thought to be ransomware, in which threat actors stole sensitive customer information. In an 8-K form, filed with the Securities and Exchange Commission (SEC) on April 1, the company, one of the leading yacht sellers worldwide, said a third party “gained unauthorized access to portions of our information environment.” Read more… Source: ...

  • AT&T data breach: Millions of customers’ data found on dark web

    March 30, 2024

    AT&T announced on Saturday it is investigating a data breach involving the personal information of more than 70 million current and former customers leaked on the dark web. According to information about the breach on the company’s website, 7.6 million current account holders and 65.4 million former account holders have been impacted. An AT&T press release ...

  • Massachusetts healthcare provider warns patients of data breach

    March 29, 2024

    A Massachusetts healthcare provider is warning patients of a recently discovered data breach that compromised some personal information. Brigham and Women’s Physician Organization, a Mass General Brigham Incorporated member, is notifying individuals of an incident it became aware of on Jan. 29, 2024, involving some patients’ personal information. Read more… Source: MSN News