AdaptHealth NASDAQ:AHCO said on Thursday it is investigating a cybersecurity incident in which a "threat actor" gained unauthorized access to some company systems and stole data, including patient information and passwords tied to insurance billing.
The company said it determined on June 27 the incident was material because of the nature and potential volume of data at risk, though it has not affected its operations or ability to service patients.
Here are further details: -
The attacker accessed certain cloud-based business applications, including internal patient management systems and document storage platforms, the company said in a regulatory filing.
AdaptHealth said it received a communication from the "threat actor" on June 15, claiming to have obtained data from its systems, and later confirmed that certain data had been exfiltrated.
The affected data includes passwords associated with insurance billing, as well as certain personally identifiable information and protected health information of patients. The company said it does not collect Social Security numbers in the affected systems and does not store individual financial account or payment card information there.
The incident stemmed from a successful social engineering attack that compromised a user session linked to a third-party contractor, AdaptHealth said.
The company said it has contained the incident by disabling the compromised account, resetting affected credentials and adding access controls, while continuing to assess the scope with external forensic teams.
AdaptHealth said it cannot yet determine the full financial impact, including remediation, legal, regulatory and notification costs, as well as possible reputational effects. The company said it maintains cybersecurity insurance that may cover certain losses.