Home / Technology

Photo of research lab, person at computer, medical device
Image: via image.theregister.com
Technology

AdaptHealth Reports Patient Data Breach via Social Engineering Attack

WireByte Staff · July 3, 2026

AdaptHealth has disclosed a data breach after attackers used social engineering to breach its cloud systems and steal sensitive patient data, including passwords and personally identifiable information. The attack targeted a third-party contractor, and the company believes it is now contained. The incident highlights the risks of social engineering attacks on cloud environments.

Key points

  • AdaptHealth, a medical equipment company, reported a data breach after attackers used social engineering to breach its cloud systems.
  • The attackers stole sensitive patient data, including passwords and personally identifiable information (PII), through a third-party contractor.
  • The company activated its incident response protocols on June 15 and believes the attack is now contained.
  • AdaptHealth has reset credentials, disabled the contractor's user account, and implemented additional access controls.

AdaptHealth, a medical equipment company, has disclosed a data breach after attackers used social engineering to breach its cloud systems. The breach occurred when attackers targeted a third-party contractor, who unwittingly provided access to the company's cloud environment. The attackers stole sensitive patient data, including passwords and personally identifiable information (PII).

The company activated its incident response protocols on June 15 and has taken steps to contain the breach. AdaptHealth has reset credentials, disabled the contractor's user account, and implemented additional access controls to prevent future attacks.

The incident highlights the risks of social engineering attacks on cloud environments. Social engineering attacks often rely on tricking individuals into providing access to sensitive systems or data. In this case, the attackers used social engineering to breach AdaptHealth's cloud systems and steal sensitive patient data.

The company has not specified whether an extortion demand was made or whether one was paid. No cybercrime group has claimed responsibility for the attack. The incident is a reminder of the importance of robust security measures and incident response protocols to prevent and respond to data breaches.

Sources

WireByte Staff — Editorial Team

The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.