AdaptHealth Cybersecurity Incident Exposes Patient Data and Billing Passwords

AdaptHealth Cybersecurity Incident Exposes Patient Data and Billing Passwords

First seen 3 Jul 2026, 15:43 UTC StocktitanTheregister 83% similarity 51.9

Article Content

Browse articles
ThreatCluster

AdaptHealth Corp. reported a material cybersecurity incident involving unauthorized access to its cloud-based systems, specifically targeting internal patient management and document storage platforms. The breach occurred through a social engineering attack on a third-party contractor, leading to the exfiltration of a password file linked to insurance billing and some patients' personally identifiable information (PII). No Social Security numbers or financial account data were compromised. The company activated its incident response protocols, disabling the compromised account, resetting credentials, and enhancing access controls. As of now, operations and patient services remain unaffected, but the full scope and financial impact of the breach are still under investigation. AdaptHealth has engaged external cybersecurity experts and notified law enforcement regarding the incident.

Key Points: • AdaptHealth experienced a significant data breach due to a social engineering attack on a third-party contractor. • Sensitive patient data, including billing passwords and PII, was exfiltrated, but no financial data was compromised. • The company has activated incident response measures and is investigating the full scope of the breach.

ThreatCluster AI

Timeline

2026-06-15
Attackers contacted AdaptHealth
Cybercriminals disclosed the theft of sensitive data to AdaptHealth, prompting an incident response.
Theregister
2026-06-27
AdaptHealth reported material breach to SEC
The company disclosed the breach to the SEC, indicating the potential volume of affected data.
Stocktitan
2026-07-02
Public disclosure of cybersecurity incident
AdaptHealth publicly reported the breach, detailing the unauthorized access and data exfiltration.
Stocktitan
2026-07-03
Further details published by The Register
The Register provided additional insights into the breach, including the attack vector and response measures taken by AdaptHealth.
Theregister

Community

Browse all →