Security News > 2023 > May > Apria Healthcare says potentially 2M people caught up in IT security breach

"Based on the investigation, it was determined that information potentially accessed in the incident varied for each individual and may have included personal, medical, health insurance or financial information, and in some limited cases, Social Security numbers," according to a notice on Apria's website.

The healthcare biz also provided more details about what happened in a data security breach notification letter sent to 1,869,598 people.

An "Unauthorized third party" broke into "Select Apria systems" containing personal information from April 5, 2019 to May 7, 2019, and then a second time from August 27, 2021 to October 10, 2021, according to the alert [PDF].

A small number of emails were confirmed to have been accessed Apria did not find proof that files or emails were taken from any system.

In its notification letter, the organization told customers it "Believes the purpose of the unauthorized access was to fraudulently obtain funds from Apria and not to access personal information of its patients or employees. There is no evidence of funds removed, and Apria is not aware of the misuse of personal information related to this incident."

After working with the FBI and outside forensic investigators to "Conduct a thorough review of the potentially affected systems," Apria says it has implemented "Additional security measures" to prevent a similar breach in the future - and further lock down patients' and employees' confidential data.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/05/23/apria_healthcare_breach/