Hackers trick contractor to breach AdaptHealth and steal patient data
A successful social engineering attack allowed threat actors to steal passwords associated with insurance billing.

Image by Cybernews
- AdaptHealth said attackers used social engineering to access a third-party contractor session and enter its cloud business applications.
- Hackers accessed patient management and document storage systems, stealing patient information and passwords tied to insurance billing.
- The company said the breach was material and disclosed it to the SEC, though the full scope remains unknown.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
AdaptHealth, a US network of medical equipment companies, said threat actors used a social engineering attack to trick a third-party contractor, gaining access to the company's cloud environment and stealing patient data.
A successful social engineering attack compromised a user session associated with a third-party contractor, allowing attackers to gain access to some of the company's cloud-based business applications.
AdaptHealth said that upon detection, it had disabled the affected account, reset the credentials, and implemented additional access controls to contain the incident.
The company added that it determined on June 27th that the incident is material because of its nature and potential volume of the data at risk, requiring disclosure to the SEC.
According to the SEC filing, hackers accessed internal patient management systems and document storage platforms and stole passwords associated with insurance billing. The affected data also included certain personally identifiable information and protected health information of patients.
In the filing, AdaptHealth noted that it doesn’t collect Social Security numbers from patients and doesn’t store individual financial account information or payment card information in those systems.
The company is currently working with external forensics teams to investigate the nature of the attack. The full scope of the breach and the volume of affected data have not yet been determined, but AdaptHealth said it had taken measures to prevent the potential dissemination of data.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
As of now, no hacker group has claimed responsibility for the breach, and AdaptHealth did not specify whether it has received a ransom demand or made a payment.
“At this time, the Company is unable to determine the full financial impact of the incident, including remediation and response costs, legal, regulatory and notification-related matters, and possible effects on patients, counterparties and the Company’s reputation. The Company maintains cybersecurity insurance that may cover certain losses associated with the incident."the SEC filing
Yet, AdaptHealth said that the incident did not disrupt its ability to serve patients.