AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company’s cloud environment, where they accessed business applications holding sensitive data.
Read more…
Source: The Register
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Cyberattack forces First American to take some IT systems offline
December 22, 2023
First American, one of the largest insurance companies in the United States, suffered a malware attack that forced the company to shut some of its systems down, including its website. At press time, the official website firstam.com was still offline, while a dedicated notification site – firstamupdate.com – was set up. There is a short notification ...
- Lapsus$: GTA 6 hacker handed indefinite hospital order
December 22, 2023
An 18-year-old hacker who leaked clips of a forthcoming Grand Theft Auto (GTA) game has been sentenced to an indefinite hospital order. Arion Kurtaj from Oxford, who is autistic, was a key member of international gang Lapsus$. The gang’s attacks on tech giants including Uber, Nvidia and Rockstar Games cost the firms nearly $10m. The judge ...
- Here’s Why You’ll Hear About a Lot More Data Breaches in 2024
December 20, 2023
Cybersecurity incidents are constantly in the news these days, but you’ll soon be hearing about a lot more of them. That’s because a new rule from the Securities and Exchange Commission went into effect on Monday, requiring all public companies to report data breaches in just four days. The new SEC rule requires public companies to ...
- Mr. Cooper leaks personal data of 14 million loan and mortgage customers
December 19, 2023
A major mortgage and loan company based in Dallas, working under the name Mr. Cooper Group Inc. has released more information on a recent breach. In a data breach notification, the company didn’t say what type of cyberattack caused the compromise of customer data, calling it a rather non-descriptive “External system breach (hacking).” For those unfamiliar ...
- Xfinity discloses a data breach but doesn’t say how many users are affected
December 18, 2023
Xfinity is notifying customers of a “data security incident” it says resulted in the theft of customer information, including usernames, passwords, contact information, and more. In a notice on Monday, Xfinity says “there was unauthorized access” to its systems from October 16th to October 19th, 2023. Xfinity traces the breach to a security vulnerability disclosed by ...
- U.K. MoD breach of Afghans’ data ‘could have posed threat to life in Taliban’s hands’
December 13, 2023
The Ministry of Defence has been fined £350,000 for an “egregious” data breach that exposed the personal information of Afghan nationals seeking to flee to the UK after the Taliban takeover. Details belonging to 265 people were mistakenly copied in to emails sent by the Government, meaning they could be seen by all recipients, the Information ...

