Article 76R58 AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data

AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data

by
from www.theregister.com - Articles on (#76R58)
Story ImageAdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing. The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals. The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company's cloud environment, where they accessed business applications holding sensitive data. AdaptHealth activated its incident response protocols soon after the attacker contacted the company on June 15 and disclosed the theft. It did not specify whether an extortion demand was made, nor whether one was paid, and no cybercrime group had claimed responsibility at the time of writing. The company's response included disabling the contractor's user account, resetting credentials, and implementing additional access controls. It believes the attack is now contained. In addition to the "password file associated with insurance billing," AdaptHealth confirmed that personally identifiable information (PII) and protected health information of certain patients were also stolen. Social Security numbers and payment details are not thought to be affected. On June 27, AdaptHealth determined that "due to the nature and potential volume of the data that is at risk," the attack can be considered material, requiring disclosure to the SEC. The company did not comment on the exact scale of the attack or the related data theft, but said investigations continue to determine the scope of the breach. It also said it "has since taken steps intended to mitigate the risk of dissemination of the exfiltrated data." The Register asked AdaptHealth for more information, including whether it received any extortion demands and what steps it took to reduce the risk of the stolen data being distributed or misused. Pennsylvania-based AdaptHealth provides home medical equipment and related services for patients with chronic and serious conditions. Founded in 2012, it specializes in respiratory, sleep, and diabetes therapies. According to a 2024 annual report, it serves more than 4.2 million patients across all 50 US states. (R)
External Content
Source RSS or Atom Feed
Feed Location http://www.theregister.co.uk/headlines.atom
Feed Title www.theregister.com - Articles
Feed Link https://www.theregister.com/
Reply 0 comments