Material Cybersecurity Incident Disclosure |
Jun. 27, 2026 |
|---|---|
| Material Cybersecurity Incident [Line Items] | |
| Material Cybersecurity Incident Nature [Text Block] | AdaptHealth Corp. (the “Company”) is investigating a security incident whereby a threat actor gained unauthorized access to Company systems and exfiltrated certain data therefrom. Upon learning of the incident, the Company promptly activated its incident response procedures, launched the investigation with the support of external advisors and cybersecurity experts to assess and contain the threat and notified law enforcement. While the investigation is ongoing, the Company has been able to confirm certain facts about the incident, and on June 27, 2026, the Company determined that the incident is material, due to the nature and potential volume of the data that is at risk. Specifically, based on information obtained to date, the Company believes that a threat actor gained unauthorized access to certain of the Company’s cloud-based business applications, including certain internal patient management systems and document storage platforms. On June 15, 2026, the Company received a communication from a threat actor claiming to have obtained certain data from the Company’s systems. The Company has confirmed that certain data was exfiltrated from its systems including a stored password file associated with insurance billing; the Company also has confirmed that certain external electronic health record system portals were accessed by the threat actor. The data affected includes passwords associated with insurance billing and certain personally identifiable information and protected health information of patients. The Company does not collect Social Security numbers in the affected systems and does not store individual financial account information or payment card information in those systems. The incident was the result of a successful social engineering attack that compromised a user session associated with a third-party contractor. Following detection, the Company promptly implemented containment measures, including disabling the compromised user account, resetting affected credentials, and implementing additional access controls, and the incident has been contained. The Company is continuing to investigate the nature and scope of the incident with external forensics teams. The full scope of affected data sets has not yet been determined, and specific information regarding the volume of data at issue is not yet available. The Company has since taken steps intended to mitigate the risk of dissemination of the exfiltrated data. As of the date of this Report, the incident has not had a material impact on the Company’s operations and has not affected the Company’s ability to service its patients. At this time, the Company is unable to determine the full financial impact of the incident, including remediation and response costs, legal, regulatory and notification-related matters, and possible effects on patients, counterparties and the Company’s reputation. The Company maintains cybersecurity insurance that may cover certain losses associated with the incident. To the extent any information required by Item 1.05 of Form 8-K was not determined or was unavailable at the time of this filing, the Company will amend this Current Report on Form 8-K as such information is determined or becomes available. Forward-Looking Statements This Current Report on Form 8-K contains statements that are not historical facts but are forward-looking statements for purposes of the safe harbor provisions under the United States Private Securities Litigation Reform Act of 1995. Forward-looking statements generally are accompanied by words such as “believe,” “may,” “will,” “estimate,” “continue,” “anticipate,” “intend,” “expect,” “should,” “would,” “plan,” “predict,” “potential,” “seem,” “seek,” “future,” “outlook,” and similar expressions that predict or indicate future events or trends or that are not statements of historical matters. The forward-looking statements include, but are not limited to, statements regarding the Company’s current beliefs, understanding, and expectations regarding the incident; statements regarding the nature and scope of the incident; the Company’s ongoing assessment of the extent, categories and volume of data that was accessed or exfiltrated; the Company’s ongoing efforts to assess and contain the threat, including the Company’s assessment of whether there is any ongoing unauthorized access to its systems; the availability and adequacy of the Company’s insurance coverage; and the potential impact of the incident on the Company’s business, operations, financial condition and results of operations. These statements are based on current information, estimates and assumptions and are subject to known and unknown risks and uncertainties. Actual results may differ materially from those expressed or implied by these forward-looking statements. Factors that could cause actual results to differ from those expressed in these forward-looking statements include the ongoing assessment of the incident; the inability to determine the full scope of affected data sets and volume of data involved; the potential publication or misuse of affected data by the threat actor or other parties; legal, regulatory, reputational, and financial risks resulting from the incident or additional cybersecurity incidents; and the risks described in the Company’s Annual Report on Form 10-K for the year ended December 31, 2025 and subsequent Quarterly Reports on Form 10-Q. Except as required by law, the Company undertakes no obligation to update these statements.
|
| Material Cybersecurity Incident Scope [Text Block] | The Company is continuing to investigate the nature and scope of the incident with external forensics teams. The full scope of affected data sets has not yet been determined, and specific information regarding the volume of data at issue is not yet available. The Company has since taken steps intended to mitigate the risk of dissemination of the exfiltrated data. |
| Material Cybersecurity Incident Timing [Text Block] | At this time, the Company is unable to determine the full financial impact of the incident, including remediation and response costs, legal, regulatory and notification-related matters, and possible effects on patients, counterparties and the Company’s reputation. The Company maintains cybersecurity insurance that may cover certain losses associated with the incident. |
| Material Cybersecurity Incident Material Impact or Reasonably Likely Material Impact [Text Block] | As of the date of this Report, the incident has not had a material impact on the Company’s operations and has not affected the Company’s ability to service its patients. |
| Material Cybersecurity Incident Information Not Available or Undetermined [Text Block] | To the extent any information required by Item 1.05 of Form 8-K was not determined or was unavailable at the time of this filing, the Company will amend this Current Report on Form 8-K as such information is determined or becomes available. |