A recently discovered Apria Healthcare data breach has been discovered which has impacted 1,987 patients. the security breach has resulted in the exposure of a wide range of patient data.
The cyberattack was discovered on August 5, 2016 and rapid action was taken to shut down access to Apria Healthcare’s systems. An external computer forensics firm was called upon to investigate the Apria Healthcare data breach. The investigation revealed a single email account had been compromised. The electronic health record system was not compromised in the attack. Apria Healthcare did not disclose how access to the email account was gained.
The investigation involved checking every email in the employee’s account to check for the presence of any confidential and sensitive patient data. The investigation revealed a number of documents in the email account which contained sensitive patient data. It is unclear whether the attacker accessed emails or stole any data, but the possibility could not be ruled out.
The information exposed as a result of the hacking incident includes patients’ names, ID numbers, dates of birth, medical diagnoses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, state ID numbers, health insurance information, physician’s names, treatment locations, and the type of medical equipment requested.
Due to the sensitive nature of exposed information, Apria Healthcare has offered all affected patients a year of credit monitoring services without charge. Patients will also receive complimentary identity theft protection and resolution services for a year.
All patients affected by the breach have now been notified of the incident by mail, in accordance with Health Insurance Portability and Accountability Act Rules. Patients have been advised to check Explanation of Benefits statements for any sign of fraudulent activity and to monitor their credit accounts. Medical bills, account statements, and credit reports for signs of fraud.