Cyber Incident Victim: Adaptive Health Integrations

On October 17, 2021, an unauthorized individual potentially accessed a network server operated by Adaptive Health Integrations, a North Dakota-based provider of laboratory information system (LIS) software and billing services. The breach investigation, concluded on February 23, 2022, determined the incident involved a limited amount of personal information, though specific data types were redacted from public notifications. Adaptive Health Integrations disabled unauthorized network access upon discovering the intrusion, containing the threat before initiating a formal investigation. The Office for Civil Rights (OCR) recorded the breach submission date as April 11, 2022, complying with HIPAA’s 60-day reporting requirement for breaches affecting over 500 individuals. This incident impacted 510,574 people, ranking as the third-largest healthcare data breach reported in 2022 at the time of disclosure.

The compromised server supported billing and revenue cycle management services integrated with a major clearinghouse for electronic claims processing. Impacted individuals received breach notifications through the Montana Attorney General’s Office, accompanied by complimentary identity monitoring services administered by Kroll. Adaptive Health Integrations publicly apologized for the incident, emphasizing ongoing efforts to enhance security protocols and safeguard personal information. The organization’s website displayed incomplete contact details at the time of reporting, including WordPress default placeholders instead of business-specific information. No operational disruptions or additional attacker actions beyond the initial server access were described in the notification. The company reiterated its commitment to modifying practices to strengthen data privacy without specifying technical or procedural changes implemented post-breach.