AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Golden Corral Corporation Provides Notice of Data Privacy Event

    February 29, 2024

    Golden Corral Corporation is notifying certain individuals of a recent incident that may impact the privacy of past and present employees, dependents, and beneficiary personal information. Golden Corral is unaware of any misuse of the information and is providing notice to potentially affected individuals out of an abundance of caution. On or about August 15, 2023, ...

  • Ireland: Dept of Foreign Affairs investigating potential cybersecurity incident

    February 29, 2024

    The Department of Foreign Affairs (DFA) has said that it is investigating a potential cybersecurity incident involving its systems. The DFA said that it was notified by Ireland’s National Cyber Security Centre (NCSC) yesterday about the possible security breach and is working closely with the NCSC to establish whether this allegation is authentic. It follows reports ...

  • A ransomware gang claims to have hacked nearly 200GB of Epic Games internal data

    February 28, 2024

    A ransomware gang claims to have hacked Epic Games, saying it has nearly 200 gigabytes of internal data. Reportedly, the gang, which goes by the name Mogilevich, posted a message on its darknet leak site giving more information on its claimed leak of the Fortnite and Epic Games Store company. “We have quietly carried out an ...

  • Pharma giant Cencora hit by major cyberattack

    February 28, 2024

    Cencora has confirmed suffering a data breach earlier this month which resulted in the theft of sensitive, personal data. Cencora is a drug wholesale company and a contract research firm that was previously known as Amerisource Bergen. It was formed in 2001, after the merger of Bergen Brunswig and AmeriSource. Read more… Source: MSN News  

  • A first analysis of the i-Soon data leak

    February 21, 2024

    Data from a Chinese cybersecurity vendor that works for the Chinese government has exposed a range of hacking tools and services. Although the source is not entirely clear, it seems that a disgruntled staff member of the group leaked the information on purpose. The vendor, i-Soon (aka Anxun) is believed to be a private contractor that ...

  • Sharp rise in cyber attacks at UK law firms as hackers eye sensitive data

    February 21, 2024

    The number of reported cyber attacks on UK law firms has increased 36 per cent over the past year. According to data by speciality reinsurance group Chaucer, there were 166 reported cyber breaches in 2021/22, this number jumped to 226 for 2022/23 (as of 30 September). Chaucer says that the large number of attacks against law ...