Medical equipment company Apria Healthcare informed 1.86 million individuals of data breaches. Apria is the largest provider of home respiratory services and medical equipment with 280 locations in the United States. The cyber attacks likely compromised the personal information of many customers.
The first cyber attack occurred between April 5 and May 7, 2019. The same bad actor accessed Apria systems again between August 27 and October 10, 2021. The company claims there is no evidence the hacker removed funds or appropriated data, but they did access various emails and files. These files may have included the personal health insurance or financial information of some customers, as well as Social Security numbers. Apria believes the attack intended to steal funds from the company rather than hold personal information for ransom. The company informed the Maine Attorney General and impacted individuals this week.