Anyone who received notice that their information may have been exposed in the Apria Healthcare data breach.
What’s Going On?
Apria recently announced a multi-year data breach during which an unauthorized party may have had access to nearly 1.9 million individuals’ personal, medical and financial information. Attorneys are now looking to file a class action lawsuit against Apria on behalf of victims.
How Could a Class Action Help?
A class action lawsuit could help data breach victims get back money for any harm caused by the incident and force Apria to strengthen its data security.
Attorneys working with ClassAction.org want to hear from anyone who received a letter from Apria Healthcare stating that their information may have been exposed during a data breach.
In late May 2023, the home medical equipment provider reported that an unauthorized party had gained access to its computer systems on two separate occasions, the first of which dates all the way back to April 2019.
According to the company’s website notice, information potentially exposed in the breach includes personal, medical, health insurance and financial information, as well as Social Security numbers in some instances.
Attorneys working with ClassAction.org believe Apria may have failed to implement proper data security policies and potentially violated state and federal law by waiting, in some cases, over four years to notify consumers whose information was exposed.
They’re now looking to file a class action lawsuit against Apria to help compensate victims for any harm they experienced as a result of the breach – but first, they need to hear from more people who were affected.
Apria Data Breach: What Happened, Exactly?
Hackers reportedly gained access to some of Apria’s computer systems from April 5, 2019 to May 7, 2019 and then again from August 27, 2021 to October 10, 2021.
The company posted a short notice of the data breach on its website, revealing only that broad groups of data such as “personal” and “financial” information had potentially been accessed.
According to the Texas Attorney General’s website, personal information exposed in the breach may more specifically include names, addresses and driver’s license numbers. It has also been reported that financial information at risk may include bank account numbers and credit and debit card numbers in combination with the security code, access code, password or PIN for the account.
One lawsuit against Apria Healthcare reveals that the patient in the case had his name, birth date, medical device descriptions, patient account number, address, dates of service and email and telephone number exposed.
Did Apria Wait Too Long to Notify Patients of the Breach?
Attorneys working with ClassAction.org believe that Apria Healthcare unnecessarily and illegally delayed in warning consumers about the data breach.
Specifically, attorneys believe Apria broke the Health Insurance Portability and Accountability Act’s Breach Notification Rule, which states that notice must be provided to affected individuals “without unreasonable delay and in no case later than 60 days following the discovery of a breach.” All 50 states also have laws in place about sending timely data breach notifications to affected individuals.
Apria Healthcare, which provides home medical equipment for sleep apnea, pharmaceutical services, and equipment and supplies for wound care and diabetes, says it learned of the data breach on September 1, 2021. It wasn’t until around May 22, 2023 that Apria filed an official notice of the hacking incident – which is more than four years after the first breach occurred.
Apria Healthcare Lawsuit: What Could I Get?
If successful, a lawsuit against Apria Healthcare could provide consumers the chance to recover money for damages resulting from the data breach, including:
Time spent dealing with the fallout from the breach (placing freezes and alerts with credit reporting agencies; monitoring accounts, credit reports and insurance statements, etc.)
Out-of-pocket costs related to the breach, such as fees for credit freezes, credit reports, credit monitoring and identity theft protection
Damage to credit
Loss of privacy
A lawsuit could also potentially force Apria Healthcare to implement stronger data security to ensure consumers’ information is protected from further unauthorized access.