AdaptHealth: Crooks stole our passwords, patient health data
AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data
Third-party contractor compromise exposed health information and insurance billing passwords
AdaptHealth says attackers used social engineering to breach its systems and steal sensitive patient data, including passwords associated with insurance billing.
The medical equipment company disclosed the attack to the Securities and Exchange Commission (SEC) on Thursday, noting that attackers accessed internal patient management systems, document storage platforms, and external electronic health record system portals.
The attack targeted an unwitting third-party contractor, through which the cybercriminals gained entry to the company's cloud environment, where they accessed business applications holding sensitive data.
AdaptHealth activated its incident response protocols soon after the attacker contacted the company on June 15 and disclosed the theft.
It did not specify whether an extortiondemand was made, nor whether one was paid, and no cybercrime group had claimed responsibility at the time of...
Copyright of this story solely belongs to theregister.com. To see the full text click HERE