AdaptHealth Corp. reports a material cybersecurity incident involving patient data. A threat actor gained unauthorized access to certain cloud-based business applications, including internal patient management systems and document storage platforms, via a social engineering attack on a third-party contractor’s user session.
The company confirmed exfiltration of a stored password file tied to insurance billing and access to external electronic health record portals, affecting passwords and some patients’ personally identifiable and protected health information. The affected systems do not contain Social Security numbers or individual financial account or payment card data.
AdaptHealth has disabled the compromised account, reset credentials, added access controls, engaged external cybersecurity experts and notified law enforcement. As of this report, operations and patient services have not been materially impacted, though the full scope of data involved and the financial impact remain under investigation. The company notes that cybersecurity insurance may cover certain losses.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.