AdaptHealth reports cybersecurity attack The data affected includes passwords associated with insurance billing and certain personally identifiable information

By HME News Staff
Updated 2:44 PM CDT, Mon July 6, 2026
CONSHOHOCKEN, Pa. – AdaptHealth is investigating a security incident whereby a threat actor gained unauthorized access to company systems and exfiltrated certain data, according to a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC).
The company says that upon learning of the incident, it promptly activated its incident response procedures, launched the investigation with the support of external advisors and cybersecurity experts to assess and contain the threat and notified law enforcement.
Based on the information obtained to date, the company believes:
- On June 15, 2026, the company received a communication from a threat actor claiming to have obtained certain data from the company’s cloud-based business applications, including certain internal patient management systems and document storage platforms.
- The company has confirmed that certain data was exfiltrated from its systems, including a stored password file associated with insurance billing.
- The company has also confirmed that certain external electronic health record system portals were accessed by the threat actor.
- The data affected includes passwords associated with insurance billing and certain personally identifiable information and protected health information of patients. The company does not collect Social Security numbers in the affected systems and does not store individual financial account information or payment card information in those systems.
AdaptHealth says the incident has not had a material impact on its operations and has not affected its ability to service patients. The company says it is unable to determine the full financial impact of the incident, including remediation and response costs, legal, regulatory and notification-related matters and possible effects on patients.
Comments