AdaptHealth disclosed a cybersecurity incident to the SEC after a social engineering attack led to the theft of patient data, including protected health information.