AdaptHealth Flags Material Breach After Threat Actor Accessed Patient Management Systems
AdaptHealth Corp. (NASDAQ: AHCO ) on Thursday disclosed that it is investigating a cybersecurity incident after a threat actor gained unauthorized access to certain company systems and exfiltrated data. The company classified the event as material because of the nature and potential volume of information at risk. The healthcare-at-home solutions provider offers home medical equipment, medical supplies, and related services for sleep, respiratory, diabetes, and wellness. Read Also: iRhythm Investigates Cyber Incident after Hackers Claim Access to Sensitive Data Threat Actor Accessed Patient Management Systems The home health company, in an SEC filing on Thursday, said it activated its incident response procedures immediately after identifying the incident. According to the company, it determined on June 27 that the incident was material while the investigation remains ongoing. Based on...
AdaptHealth Corp. (NASDAQ: AHCO ) on Thursday disclosed that it is investigating a cybersecurity incident after a threat actor gained unauthorized access to certain company systems and exfiltrated data.
The company classified the event as material because of the nature and potential volume of information at risk.
The healthcare-at-home solutions provider offers home medical equipment, medical supplies, and related services for sleep, respiratory, diabetes, and wellness.
Read Also: iRhythm Investigates Cyber Incident after Hackers Claim Access to Sensitive Data Threat Actor Accessed Patient Management Systems The home health company, in an SEC filing on Thursday, said it activated its incident response procedures immediately after identifying the incident.
According to the company, it determined on June 27 that the incident was material while the investigation remains ongoing.
Based on findings to date, the threat actor gained unauthorized access to certain cloud-based business applications, including internal patient management systems and document storage platforms.
AdaptHealth said it received a communication from the threat actor on June 15, 2026, claiming to have obtained company data.
The company has since confirmed that certain information was exfiltrated, including a stored password file associated with insurance billing.
It also confirmed that the attacker accessed certain external electronic health record system portals.
AdaptHealth Says Social Security Numbers Were Not Stored The affected data includes insurance billing passwords, along with certain patient personally identifiable information and protected health information.
However, the company said the affected systems did not contain Social Security numbers, individual financial account information, or payment card information.
AdaptHealth attributed the incident to a social engineering attack that compromised a user session belonging to a third-party contractor.
Following detection, the company deactivated the compromised account, reset affected credentials, and implemented additional access controls.
It added that the incident has been contained while external forensic teams continue investigating the scope of the breach.
Financial Impact Still Under Review The company said it has not yet determined the full volume of affected data and continues to assess the overall scope of the incident.
It also said it has taken additional measures intended to reduce the risk of the exfiltrated data being disseminated.
As of the filing date, AdaptHealth said the cybersecurity incident has not materially affected its operations or its ability to serve patients.
In June, Novo Nordisk A/S (NYSE: NVO ) said it is investigating claims by cyber extortion group FulcrumSec, which alleges it stole more than a terabyte of data from the pharmaceutical company and is considering selling portions of the information after an $25 million ransom demand.
AHCO Stock Price Activity: AdaptHealth shares were down 4.46% at $10.28 at the time of publication on Monday, according to Pro data.
Photo: Pormezz/Shutterstock Read Also: Unum Slashes Long-Term Care Exposure With $3.8 Billion Reinsurance Deal