insurance billing

  • |

    AdaptHealth’s “Password File” Got Exfiltrated, So Now Everyone Pays the Bill Twice

    I don’t get hacked. I get audited.

    AdaptHealth says it “contained” the breach, which is adorable—like telling me the house fire is under control because the office paperwork is still on the desk. Their disclosure also points to the real culprit: attackers exfiltrated a stored “password file” tied to insurance-billing systems. That’s not just “data” in the abstract. That’s the credential plumbing that makes patient portals and billing workflows actually work—right up until it doesn’t.

    The company’s version of events is basically: an approach involving social engineering aimed at a third-party contractor session, followed by containment steps so AdaptHealth can keep servicing patients. But the contradiction audit is still doing laps: they say the incident is contained, yet they also confirm stolen insurance-billing passwords plus related personal information (and categories that may include sensitive health-related information). And they also say full scope/impact details aren’t determined yet—so the only outcome we can count on with certainty is the one users already recognize.

    Reset loops. Identity checks. Another “please verify” email that pops up like it’s subscription-based. Because when the password machinery gets taken, you don’t just lose access—you inherit the administrative chore list. PR math says “contained!” Patient math says “cool, so which portal do I have to reset again?”

    AdaptHealth’s contained narrative may be good for operations. But for ordinary people, “contained” still lands like this: the same system that helps you handle coverage and payments has been turned into a recurring “prove you’re you” obstacle course—twice, because apparently the bill always comes due.

End of content

End of content