Massive Data Breach at Apria Healthcare LLC Puts Nearly 1.87 Million at Risk

• Apria Healthcare LLC, a leading healthcare provider, suffered a data breach potentially exposing personal and financial information of about 1.87 million individuals.
• In response, the company has engaged the services of Kroll, a global leader in risk mitigation, to provide identity monitoring, including credit monitoring, fraud consultation, and identity theft restoration, at no cost to affected individuals for one year.

INDIANAPOLIS, Indiana – Apria Healthcare LLC, a leading healthcare provider, has disclosed a significant data breach that has potentially compromised the personal information of about 1.87 million individuals, including 7,162 residents of Maine.

The breach reportedly occurred between April 4, 2019, and October 10, 2021, with Apria discovering the breach on October 1, 2021. According to John F. McCauley, a partner at Dentons and outside counsel for Apria, the breach involved unauthorized access by a third party, commonly referred to as hacking.

The affected systems contained a combination of personal identifiers and financial account numbers, including credit or debit card numbers in conjunction with the associated security code, access code, password, or PIN for the account. There is no proof that any data was removed from any system, and Apria is not aware of any misuse of the personal information related to this incident.

In a notification letter sent to affected parties, Apria described that it received a notification about the unauthorized access on September 1, 2021. “Apria took immediate action to mitigate the incident, including working with the Federal Bureau of Investigation (FBI) and hiring a reputable forensic investigation team to investigate and securely resolve the incident,” McCauley stated.

Although the investigation suggested the purpose of the unauthorized access was to fraudulently obtain funds from Apria, rather than accessing personal information of patients or employees, the company is not taking any chances.

In the wake of the breach, Apria has introduced additional security measures based on the guidance and recommendations of the forensic investigators. This step is intended to prevent similar breaches in the future and to protect the privacy of patients and employees.

To help alleviate concerns and restore confidence, Apria has engaged the services of Kroll, a global leader in risk mitigation and response. Kroll will provide identity monitoring at no cost for one year to the individuals affected by the data breach. Services provided by Kroll will include credit monitoring, fraud consultation, and identity theft restoration.

Apria Healthcare LLC is a leading U.S. provider of home medical equipment delivery and clinical support. The company offers a range of services, including those for chronic obstructive pulmonary disease (COPD), sleep apnea, and wound therapy, among others. Established in Tampa, Florida, the company operates in the field of Durable Medical Equipment & Medical Supplies. Serving more than 2 million patients annually, Apria Healthcare is a significant player in the healthcare sector