AdaptHealth has reported a significant data breach resulting from a social engineering attack that compromised sensitive patient information. The breach involved the theft of passwords associated with insurance billing and other personal health data.
Incident Overview
The medical equipment provider disclosed the incident to the Securities and Exchange Commission (SEC) on July 2, 2026. Attackers gained access to AdaptHealth’s internal patient management systems, document storage platforms, and external electronic health record portals through a third-party contractor. This contractor was manipulated by the cybercriminals, allowing them entry into the company’s cloud environment.
Response and Containment
Upon learning of the breach on June 15, AdaptHealth activated its incident response protocols. The company disabled the contractor’s user account, reset credentials, and implemented additional access controls to mitigate further risks. AdaptHealth believes that the attack has been contained, although it did not clarify whether any extortion demands were made or if any were paid.
Data Compromised
AdaptHealth confirmed that the breach involved the theft of a password file related to insurance billing, along with personally identifiable information (PII) and protected health information of certain patients. However, the company stated that Social Security numbers and payment details are not believed to be affected. The full scale of the data theft remains unclear as investigations are ongoing.
Regulatory Disclosure
On June 27, AdaptHealth assessed the situation and determined that the nature and potential volume of the data at risk warranted a material disclosure to the SEC. The company has indicated that it is taking steps to mitigate the risk of the exfiltrated data being disseminated.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








