In a recent data incident, Apria HealthCare Inc. reported a data breach that occurred between April 5, 2019, and May 7, 2019, along with another from August 27, 2021, to October 10, 2021. The company is known as a leading provider of home medical equipment and clinical support, based in Indianapolis, US, and had a net worth of $644 million in 2021.
On September 1, 2021, Apria received an alarming notification from an anonymous threat actor that they had unauthorized access to some of the company’s systems. In response, Apria quickly launched an investigation into the matter, working with the Federal Bureau of Investigation (FBI) and other forensic investigators, to identify the severity of the breach and take immediate measures to mitigate it.
The investigation revealed that the threat actor had gained unauthorized access to the system, and some personal information had been compromised. However, the company stated that the unauthorized third-party access was primarily for fraudulent funds, and not to obtain personal information from patients.
Apria confirmed that it had found no evidence of fraudulent fund transactions or claims related to the misuse of the stolen personal information. A small number of emails and files were confirmed to have been accessed, but there was no evidence that any data had been taken from any system.
Despite assurances from the company, Apria has offered Identity Monitoring service Kroll to all affected customers, free of charge, to provide them with a safety net for the upcoming year. Kroll is an industry-leading risk mitigation and response provider that helps people who have faced unintentional confidential data exposure.
The services offered by Kroll include Single Bureau Credit Monitoring, Fraud Consultation, and Identity Theft Restoration, making them a great resource for affected customers seeking end-to-end protection in the wake of Apria’s breach.
The healthcare sector is no stranger to data breaches, and companies must employ the highest levels of cybersecurity to prevent such incidents from occurring in the future. Apria has since implemented additional security measures, as per the guidance and recommendations offered by forensic investigators.
Data breaches affect individuals by compromising their sensitive information and personal data, leaving them at risk of identity theft. Organizations must take every precautionary measure to ensure the safety of their customers’ personal information, striving to keep confidential information safe and out of the hands of cybercriminals.
In conclusion, Apria HealthCare’s recent data breach, where personal information was accessed for financial fraud rather than identity theft, highlights the need for adequate security measures in all sectors to prevent such incidents from arising in the future. Customers should take advantage of the services offered by Kroll and related providers to minimize the risk of identity theft and other harms resulting from a data breach.