Apria Healthcare, a prominent home healthcare equipment provider serving millions of patients across America, has revealed a significant data breach that occurred over an extended period in 2019 and 2021.
The breach potentially compromised personal, medical, health insurance, and financial information of nearly 1.9 million patients and employees, including sensitive data such as bank account and credit card numbers, security codes, access codes, passwords, and account PINs.
Apria Healthcare discovered the breach in September 2021 but only recently notified those who may have been affected, causing concerns about the delay in communication.
The unauthorized third party breached select Apria systems between April 2019 and May 2019, and again between August 2021 and October 2021. Apria has taken immediate action by collaborating with the Federal Bureau of Investigation (FBI) and engaging forensic investigators to resolve the incident securely.
While Apria claims that no proof of data theft has been found, experts remain skeptical and emphasize the potential risks of ongoing identity theft due to the extended unauthorized access. The company has implemented additional security measures to prevent future breaches and is providing complimentary identity protection services to individuals whose information may have been accessed.
Customers are advised to take precautionary measures such as credit locks and demand increased investment in cybersecurity technologies.
Tom Kellermann, a cybersecurity expert, warns that cybercriminals may have established backdoors within Apria’s compromised networks, leaving room for further problems in the future.
The breach notification letter offers free credit and identity monitoring, fraud consultation, and identity theft restoration services for a year. As investigations continue, the focus remains on protecting the data entrusted to Apria and preventing similar incidents from recurring.
