Apria Healthcare Lawsuit Investigation: Data Breach Victims May Be Owed Compensation

Attorneys working with ClassAction.org want to hear from anyone who received a letter from Apria Healthcare stating that their information may have been exposed during a data breach.

In late May 2023, the home medical equipment provider reported that an unauthorized party had gained access to its computer systems on two separate occasions, the first of which dates all the way back to April 2019.

According to the company’s website notice, information potentially exposed in the breach includes personal, medical, health insurance and financial information, as well as Social Security numbers in some instances.

Attorneys working with ClassAction.org believe Apria may have failed to implement proper data security policies and potentially violated state and federal law by waiting, in some cases, over four years to notify consumers whose information was exposed.

They’re now looking to file a class action lawsuit against Apria to help compensate victims for any harm they experienced as a result of the breach – but first, they need to hear from more people who were affected.

Apria Data Breach: What Happened, Exactly?

Hackers reportedly gained access to some of Apria’s computer systems from April 5, 2019 to May 7, 2019 and then again from August 27, 2021 to October 10, 2021.  

The company posted a short notice of the data breach on its website, revealing only that broad groups of data such as “personal” and “financial” information had potentially been accessed.

According to the Texas Attorney General’s website, personal information exposed in the breach may more specifically include names, addresses and driver’s license numbers. It has also been reported that financial information at risk may include bank account numbers and credit and debit card numbers in combination with the security code, access code, password or PIN for the account.  

One lawsuit against Apria Healthcare reveals that the patient in the case had his name, birth date, medical device descriptions, patient account number, address, dates of service and email and telephone number exposed.

Did Apria Wait Too Long to Notify Patients of the Breach?

Attorneys working with ClassAction.org believe that Apria Healthcare unnecessarily and illegally delayed in warning consumers about the data breach.

Specifically, attorneys believe Apria broke the Health Insurance Portability and Accountability Act’s Breach Notification Rule, which states that notice must be provided to affected individuals “without unreasonable delay and in no case later than 60 days following the discovery of a breach.” All 50 states also have laws in place about sending timely data breach notifications to affected individuals.

Apria Healthcare, which provides home medical equipment for sleep apnea, pharmaceutical services, and equipment and supplies for wound care and diabetes, says it learned of the data breach on September 1, 2021. It wasn’t until around May 22, 2023 that Apria filed an official notice of the hacking incident – which is more than four years after the first breach occurred.

Apria Healthcare Lawsuit: What Could I Get?

A lawsuit could also potentially force Apria Healthcare to implement stronger data security to ensure consumers’ information is protected from further unauthorized access.

Before commenting, please review our comment policy.