
CybersecurityJul 2, 2026, 04:07 PM
AdaptHealth reports material cybersecurity incident, data exfiltrated
AI Summary
AdaptHealth Corp. is investigating a material cybersecurity incident where a threat actor gained unauthorized access to its cloud-based business applications and exfiltrated data. The incident, determined to be material on June 27, 2026, involved a social engineering attack that compromised a third-party contractor's user session. Exfiltrated data includes a stored password file for insurance billing, personally identifiable information, and protected health information of patients. The company has contained the incident and is investigating its full scope, but as of the filing date, it has not materially impacted operations or patient servicing, and AdaptHealth maintains cybersecurity insurance.
Key Highlights
- AdaptHealth determined a cybersecurity incident was material on June 27, 2026.
- Threat actor gained unauthorized access to cloud-based business applications.
- Communication from threat actor claiming data obtained was received on June 15, 2026.
- Exfiltrated data includes insurance billing password file, PII, and PHI.
- Incident resulted from a social engineering attack on a third-party contractor's user session.
- The incident has been contained, with compromised accounts disabled and credentials reset.
- As of the filing date, the incident has not materially impacted operations or patient servicing.
- Full financial impact is undetermined, but the company has cybersecurity insurance.
Price Impact
More from AHCO