Apria Healthcare, a manufacturer of medical equipment for the home, is sending out breach notifications to roughly two million people whose information may have been stolen in data breaches in 2019 and 2021.
Close to two million people in the United States rely on Apria, making it one of the top providers of home respiratory services and the best medical equipment. The corporation has warned customers this week that their data may have been compromised in past hacks.
The initial breach happened between April 5 and May 7, 2019, per the notification letter provided to affected people and submitted to the Maine Attorney General’s Office. The corporation claims that between August 27 and October 10, 2021, the same unauthorized individual accessed its networks.
Apria healthcare claims it learned about the data breaches after receiving a notification of illegal access to its systems, albeit it does not identify from whom it received the alert.
The notice letter says that based on their investigation and conversations with law enforcement, Apria thinks the goal of the unauthorized access was to fraudulently collect funds from Apria and not to access personal information of its patients or staff.
According to the company, there was no indication that the hackers stole money or sensitive information. While just a “small number of emails and files” were actually accessed by the threat actors, this is still a serious problem.
It was discovered that the information possibly obtained in the event varied for each user and may have included personal, medical, health insurance, or financial information, and in some circumstances, Social Security numbers, the company said in a data breach warning posted on its website. More than 1.86 million people, according to a report from Apria to the Maine Attorney General.
The affected company, Apria Healthcare LLC, provides a variety of medical devices for illnesses like chronic obstructive pulmonary disease (COPD), sleep apnea, and diabetes to more than 2 million people annually. For up to 1.8 million people, personal and confidential information was compromised when Apria Healthcare, a leading provider of home healthcare equipment, discovered unauthorized access in its computer network on September 1, 2021. Apria Healthcare notified the Attorney General of Maine on May 22, 2023, that a data breach had occurred within the company’s infrastructure.
Files containing sensitive patient data were accessed by an unauthorized third party. This data included names, Social Security numbers, personal details, medical records, health insurance information, and financial data. Financial information such as account numbers, credit/debit card numbers, security codes, access codes, passwords, and PINs may be obtained. As soon as Apria Healthcare learned of the hack, it launched an investigation and hired a cybersecurity firm to determine the full scope of the intrusion. The company investigated by going through the compromised files to find out what data was leaked and who was affected. Apria mailed letters informing anyone whose personal information may have been affected in the breach on May 22, 2023.