AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Acer Philippines reports data breach in third-party vendor system
March 12, 2024
Acer Philippines confirmed through an official statement that a security breach occurred within a third-party vendor’s system. The vendor was responsible for managing Acer Philippines’ employee attendance data, and the breach resulted in the unauthorized access of this information. The company emphasized that this incident does not involve Acer Philippines customer databases. Customer data remains secure, ...
- CISA confirms it was breached by attackers using Ivanti flaws
March 11, 2024
One of the organizations compromised through a recently-discovered flaw in Ivanti products was, ironically enough, the US government’s Cybersecurity and Infrastructure Security Agency (CISA). Confirmation of the breach came from CISA itself, as well as from an anonymous source “with knowledge of the situation”, with a CISA spokesperson telling The Record the organization “identified activity indicating ...
- Microsoft admits Russian state hack still not contained
March 9, 2024
Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data. The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it ...
- Jersey data breach leaks personal information
March 7, 2024
A data breach at Jersey’s Financial Services Commission has allowed access to non-public names and addresses. The organisation confirmed a “vulnerability” was detected in its Registry system on 23 January. It said the leak did not link any individuals to registered entities or roles held and that it had separately written to those whose names and addresses ...
- Insurance giant Fidelity hit by data breach
March 6, 2024
Sensitive information belonging to tens of thousands of Fidelity Investments Life Insurance customers was stolen, reportedly thanks to a supply chain attack that happened in 2023. The insurance giant has filed a data breach notification with the Maine attorney general’s office in which it stated that 28,268 of its customers had their private data leaked after ...
- Wyze reports a new data breach
March 6, 2024
Security cameras have become very popular for people to plug into their home network, hoping this with deter burglars (or should a robbery happen, that some footage of the event will be captured). Yet how secure is the digital image data? Recently, Wyze users encountered a camera breach with the cybersecurity incident impacting some 13,000 users. ...

