CA: Apria Healthcare notifies patients of breach
Apria Healthcare today announced a data security incident involving unauthorized access to an employee’s email account. Apria Healthcare is one of the nation’s leading providers of home respiratory services and certain medical equipment. Affected individuals may have received certain medical equipment from Apria Healthcare.
On August 5, 2016, Apria Healthcare discovered that the email account of an Apria Healthcare employee was subject to unauthorized access and immediately launched an internal investigation and retained third-party forensic experts to assist in the investigation of the incident. The forensic investigators later determined that the email account contained the personal information of certain individuals. Apria Healthcare then undertook a thorough analysis and review of all documents within the email account to determine all affected individuals and data types involved.
The data potentially subject to unauthorized access includes a combination of name, date of birth, patient identification number, Social Security number, diagnosis information, doctor’s name, type of medical equipment requested, treatment location, medical record number, driver’s license or state identification number and/or health insurance information.
Letters to those impacted by the incident are being mailed. These letters include an explanation of the incident, an offer of credit monitoring and identity restoration services and information about additional ways impacted individuals can protect themselves.
To Learn More
Apria Healthcare has established a confidential call center regarding this incident. The call center is staffed with professionals who can answer questions about this incident and provide information on how to protect against misuse of personal information. The call center is available Monday through Saturday, 8 a.m. to 8 p.m. Central time at 1-855-303-6661.
SOURCE: Apria Healthcare