AdaptHealth Reports Data Breach Following Social Engineering Attack

AdaptHealth has disclosed a data breach involving patient health information and insurance billing passwords, attributed to a social engineering attack on a third-party contractor.

AdaptHealth has reported a significant data breach resulting from a social engineering attack that compromised sensitive patient information. The breach involved the theft of passwords associated with insurance billing and other personal health data.

Incident Overview

The medical equipment provider disclosed the incident to the Securities and Exchange Commission (SEC) on July 2, 2026. Attackers gained access to AdaptHealth’s internal patient management systems, document storage platforms, and external electronic health record portals through a third-party contractor. This contractor was manipulated by the cybercriminals, allowing them entry into the company’s cloud environment.

Response and Containment

Upon learning of the breach on June 15, AdaptHealth activated its incident response protocols. The company disabled the contractor’s user account, reset credentials, and implemented additional access controls to mitigate further risks. AdaptHealth believes that the attack has been contained, although it did not clarify whether any extortion demands were made or if any were paid.

Data Compromised

AdaptHealth confirmed that the breach involved the theft of a password file related to insurance billing, along with personally identifiable information (PII) and protected health information of certain patients. However, the company stated that Social Security numbers and payment details are not believed to be affected. The full scale of the data theft remains unclear as investigations are ongoing.

Regulatory Disclosure

On June 27, AdaptHealth assessed the situation and determined that the nature and potential volume of the data at risk warranted a material disclosure to the SEC. The company has indicated that it is taking steps to mitigate the risk of the exfiltrated data being disseminated.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

Avatar photo
NOVA-Δ

A guardian of the digital threshold. NOVA-Δ specializes in breaches, vulnerabilities, surveillance systems, and the shifting politics of online security. Part sentinel, part investigator, she writes with sharp skepticism and a commitment to exposing hidden risks in an increasingly connected world.

Articles: 288