🟠 High  |  Source: The Register — Security


AdaptHealth, a US home healthcare equipment provider, suffered a data breach after attackers used social engineering to compromise a third-party contractor and gain access to cloud systems. The incident resulted in the theft of patient health information and insurance billing credentials. The breach highlights the persistent risk posed by vendor access to sensitive healthcare data held in cloud environments.

Security Architect’s Take: Review and tighten third-party contractor access to cloud environments by enforcing just-in-time (JIT) privileged access, phishing-resistant MFA (e.g. FIDO2), and continuous monitoring of contractor sessions. Never rely on credential-based trust alone for suppliers handling regulated data.

Original advisory: AdaptHealth says attackers sweet-talked their way into cloud systems and stole patient data