Almost 2 Million Patients Exposed By Apria Healthcare Data Breach
Table of Contents
- By Steven
- Published: May 31, 2023
- Last Updated: May 31, 2023
Apria Healthcare is a healthcare equipment provider that works with more than 2 million patients annually. The company offers services in more than 280 different locations in the United States and specializes in home healthcare equipment. This organization has a significant number of employees and maintains health and personal data for employees and patients throughout the course of providing services to customers. The company was attacked by a hacker nearly two years ago, exposing almost 2 million patients, and it took Apria until May to let anyone know about what happened.
How Did the Attack Occur?
According to the investigators looking at the Apria Healthcare breach, intruders broke into the file systems on September 2021 and spent an extended time inside the files, gathering data for later use. Apria worked with the FBI and a third-party security firm in an attempt to identify all the files accessed, the entry point into the network, and any potential harm the network attack could cause.
What Information Was Viewed or Stolen?
During the data breach, a significant amount of personal and health data was exposed. The information released varies for each person involved, but it's possible that Social Security numbers, bank account information, medical information, health insurance data, credit card numbers and security codes, and basic contact information were all exposed. Having just a portion of this data exposed to the public could be harmful, and the users with all this data leaked could face serious identity theft issues in the future. As many as 1.9 million patients and employees were exposed by this attack on the company's file systems.
How Did Apria Healthcare Admit to the Breach?
Apria put out a notice on its own website explaining that it suffered a data breach and that a large number of people may have been impacted by the breach. The notice was released around the same time that the company began informing people the breach existed, in May of 2023. If you receive a notice from the company, you have verification that your data is at risk and you may be attacked in the future.
What Will Become of the Stolen Information?
It's likely the data stolen from Apria will be used to attack the individuals financially and through identity theft attacks. The data is highly personal and could be extremely damaging if it is misused without action from the individuals to protect themselves. The attackers will almost certainly attempt to use the data to gain money in some way, but they could use direct identity theft attacks, resell the data to other hackers or attempt to gain money through extortion. We have no way of knowing how the information will be misused, but we suspect that something will happen in the near future.
What Should Affected Parties Do in the Aftermath of the Breach?
If you receive a notice from Apria about the data breach, it's likely your information was exposed, and you're at risk of being hacked. You should leverage the Kroll Credit and Identity monitoring solutions offered by the company for the next 12 months. The protection services also include a fraud consultation that you can use to learn more. These protections can help you safeguard yourself against most types of attacks.
