AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data


AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.

The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.

The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.

Read more…
Source:  The Register


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Kenya Airways suffers passenger data breach in cyber attack

    January 9, 2024

    Cybercriminals attacked Kenya Airways’ (KQ) information systems and obtained sensitive information, including contact details and identification documents, of passengers and staff of the airline, an authoritative source at KQ has confirmed. The cyber attack, which occurred late last month, led to unauthorised access to police investigation reports, phone numbers, email addresses, and passports of an unspecified ...

  • Top legal firm specializing in data breaches…hit by data breach

    January 6, 2024

    Top legal firm that specializes in helping other organizations in the aftermath of a data breach has ironically suffered one such incident itself. Orrick, Herrington & Sutcliffe has sent out a breach notification letter to affected individuals, confirming it had been the victim of an intrusion that happened in March 2023. Read more… Source: MSN News  

  • Freight giant Estes confirms data breach, but says it won’t pay ransom

    January 5, 2024

    The October 2023 cyberattack against Estes Express Lines was indeed ransomware, but the company has paid no ransom demand as yet. The company confirmed the news in an email recently sent to affected customers. As per the email, sent to roughly 21,000 people, threat actors accessed the company’s IT infrastructure on October 1, 2023, and managed ...

  • 23andMe blames “negligent” breach victims, says it’s their own fault

    January 4, 2024

    In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors managed to access ...

  • Orange suffers cyber attack affecting clients’ internet access in Spain

    January 3, 2024

    The Spanish unit of telecoms provider Orange on Wednesday suffered a cyber attack that affected an undisclosed number of clients who could not access certain websites, a company spokesperson said. The unauthorized access to Orange’s IP network coordination centre has been mostly solved and was neutralized by Orange, the second largest telecoms provider in Spain, the ...

  • Australia: Cyber attack on Victoria’s court system may have exposed recordings of sensitive cases

    January 1, 2024

    Victoria’s court system has been hit by a ransomware attack, which an independent expert believes was orchestrated by Russian hackers. A spokesperson for Court Services Victoria (CSV) said hackers accessed an area of the court system’s audio-visual archive. That would mean recordings of hearings including witness testimony from highly sensitive cases may have been accessed or ...