AdaptHealth, a medical equipment company, has disclosed a breach of its cloud systems, resulting in the theft of sensitive patient data, including passwords associated with insurance billing. Attackers used social engineering tactics to trick a third-party contractor into granting them access to the company's cloud environment, where they then accessed internal patient management systems, document storage platforms, and external electronic health record system portals. The breach was disclosed to the Securities and Exchange Commission, highlighting the evolving nature of cyber attacks. The fact that attackers were able to use social engineering to gain access to the company's systems through a third-party contractor raises concerns about the vulnerability of supply chains to such attacks1. This breach matters to practitioners because it signals potential downstream regulatory and supply-chain effects, emphasizing the need for robust security measures to protect against social engineering tactics.
AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data
⚡ High Priority
Why This Matters
A breach involving SEC signals evolving attack methods — watch for downstream regulatory and supply-chain effects.
References
- The Register. (2026, July 3). AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data. *The Register*. https://www.theregister.com/security/2026/07/03/adapthealth-crooks-stole-our-passwords-patient-health-data/5266512
Original Source
The Register
Read original →