Apria Healthcare, a provider of at-home medical equipment for sleep apnea, is providing notice of a data breach that involved some personal information.
According to the HIPAA Journal, the breach may have affected more than 1.8 million individuals.
On September 1, 2021, Apria said it received a notification regarding access to select Apria systems by an unauthorized third party. Apria took immediate action to mitigate the incident, including working with the Federal Bureau of Investigation and hiring a reputable forensic investigation team to investigate and securely resolve the incident.
Based on its investigation and discussions with law enforcement, the company said it believes the purpose of the unauthorized access was to fraudulently obtain funds from Apria and not to access personal information of its patients or employees. There is no evidence that funds were removed, and Apria is not aware of the misuse of personal information related to this incident. A small number of emails and files were confirmed to have been accessed, but there is no proof that any data was taken from any system. For the individuals receiving this notice, the investigation was unable to confirm whether any emails or files about them were actually accessed.
Apria cannot rule out the possibility that some files containing individuals’ information may have been accessed as a result of this incident. Based on the investigation, it was determined that information potentially accessed in the incident varied for each individual and may have included personal, medical, health insurance or financial information, and in some limited cases, Social Security numbers. Apria is notifying those individuals whose information may have been accessed and is providing complimentary identity protection services.
Apria takes the safeguarding of personal information seriously and regrets any concern this may cause. We have implemented additional security measures upon the guidance and recommendation of our forensic investigators to help prevent the reoccurrence of a similar breach and to further protect the privacy of our patients and employees.