How Did the Adaptive Health Integrations Breach Occur? What’s Their Response?
According to a breach notice released by Adaptive Health Integrations, they had recently discovered that an “unauthorized individual” may have accessed data stored on its system. The incident, occurring on October 17, 2021, resulted from a network server hacking incident.
The notice states, “Upon learning of this issue, we contained the threat by disabling unauthorized access to our network and immediately commenced a prompt and thorough investigation. As part of our investigation, we worked very closely with external cybersecurity professionals. Through an extensive investigation and an internal review, which concluded on February 23, 2022, we determined that certain data containing your personal information was potentially accessed.”
It appears from the notice that the protected health information (PHI) potentially compromised varied on a per-patient basis. However, it is fair to assume that some patients’ Social Security numbers were involved as Adaptive Health Integrations is offering affected individuals free credit monitoring and identity theft protection for 12 months.
There was some speculation as to the legitimacy of the notices, as there is no evidence of a website for Adaptive Health Integrations in North Dakota. If they aren’t real, the fraudsters went through a lot of trouble to make their breach notice look real, going as far as to report the incident to the Department of Health and Human Services (HHS). The Adaptive Health Breach is listed for public view on the HHS Office for Civil Rights (OCR) portal. According to the portal, the breach was reported to them on April 11, 2022.