Getty Images/iStockphoto

2M Individuals Impacted by Healthcare Data Breach at Apria Healthcare

Social Security numbers and other personal health information of millions of patients were impacted in the multi-year, months-long healthcare data breach at Apria Healthcare.

Nearly 2 million patients were notified by Apria Healthcare about a healthcare data breach that dates back to April 2019, during which hackers infiltrated their computer systems and accessed personal health information (PHI) over a series of months

As a result customers' names and Social Security numbers, as well as their personal, medical, health insurance, and financial information, were potentially accessed.

Apria was alerted about unauthorized access to select systems on September 1, 2021, leading to immediate security measures and an investigation. The probe revealed that the breach took place sporadically between April 5, 2019, and October 10, 2021. Despite this, victims were only officially notified nearly four years after the first breach occurrence."

“There is no evidence of funds removed, and Apria is not aware of the misuse of personal information related to this incident. A small number of emails and files were confirmed to have been accessed, but there is no proof that any data was taken from any system,” Apria reported.

Apria takes the safeguarding of personal information seriously and regrets any concern this may cause. We have implemented additional security measures upon the guidance and recommendation of our forensic investigators to help prevent the reoccurrence of a similar breach and to further protect the privacy of our patients and employees.

Amazon-Owned PillPack Announces Healthcare Data Breach

Amazon's PillPack announced a healthcare data breach impacting almost 20,000 customers.

On April 3, 2023, the company discovered an unauthorized individual attempting to access PillPack.com accounts using customers' emails and passwords.

A subsequent investigation revealed that this unauthorized access occurred between April 2 and 6, 2023, compromising customers' email addresses, PillPack prescription details, and their prescribing providers' contact information. In total, the hacker accessed 19,032 accounts.

“Our investigation confirmed that no e-mail addresses or passwords were taken from PillPack, and our systems are secure. Instead, it’s most likely that the unauthorized person was able to log in to the PillPack accounts because customers used the same e-mail and password for another website where they got the information”

The company swiftly reacted by resetting all account passwords to thwart any further unauthorized access and safeguard customer accounts. They also implemented multi-factor authentication for all accounts to provide an added layer of protection.

Asian Healthcare Services Discloses Data Security Incident

Asian Healthcare services a disclosed healthcare data breach that potentially impacted an undisclosed number of current and former patients and employees

The breach occurred on February 7 and 13, 2023, but AHS became aware of it on February 13 and initiated an investigation.

Upon thorough analysis of the compromised email account, AHS confirmed that patient information was indeed included.

The investigation confirmed that names, medical record numbers, dates of birth, phone numbers, and health information (including diagnoses), were present in the accessed email account. However, social security numbers and financial information were not included in the compromised email account.

“While AHS does not have evidence that any information contained in the email account was used for fraudulent purposes, AHS is unable to conclusively rule out the possibility that personal information was compromised,” the notice stated.

“As such, AHS mailed notification letters to those patients who may have been affected by this incident. AHS is offering affected adults credit monitoring and affected minors cyber monitoring. These services provide alerts for 12 months from the date of enrollment.”

Next Steps

Dig Deeper on Healthcare data breaches