Apria Healthcare Agrees to $6.4M Data Breach Settlement
Apria Healthcare, an Indianapolis-based provider of home healthcare equipment and related services, has agreed to pay $6,400,000 to resolve all claims related to data breaches in 2019 and 2021 that affected 1,869,598 individuals.
In April 2019, hackers gained access to parts of its network where employee and patient data were stored. The investigation confirmed unauthorized access to the network between April 5, 2019, and May 7, 2019. A further hacking incident was experienced in 2021 and was disclosed by Apria Healthcare in May 2023. Hackers had access to its network between August 27, 2021, and October 10, 2021, and potentially viewed or obtained personal, medical, health insurance, and financial information.
Several lawsuits were filed in the Southern District of Indiana in response to the data breach, and in October 2023, the lawsuits were consolidated into a single action in the U.S. District Court for the Southern District of Indiana. Apria Healthcare is also being sued by the Indiana Attorney General over these two hacking incidents, with the litigation yet to be resolved.
The consolidated class action lawsuit alleged Apria Healthcare was negligent due to the failure to implement reasonable and appropriate cybersecurity measures to safeguard sensitive data on its network. The lawsuit also asserted claims of negligence per se, negligent training and supervision, breach of contract, breach of implied contract, bailment, breach of fiduciary duty, breach of confidence, unjust enrichment, invasion of privacy, and violations of consumer protection and deceptive business practices laws in Indiana, California, Illinois, Washington, Missouri, New York.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Apria Healthcare denied and continues to deny all claims and contentions in the lawsuit and has not admitted to any wrongdoing. After considering the uncertainty and risks associated with continuing to fight the litigation, Apria Healthcare agreed to a settlement. The proposed settlement will see Apria Healthcare establish a $6.4 million settlement fund to cover claims, attorneys’ fees, class representative service awards, and legal costs and expenses. The plaintiffs’ attorneys are expected to ask for one-third of the settlement fund plus $50,000 in costs and expenses.
All class members are entitled to submit a claim for reimbursement of documented, unreimbursed out-of-pocket expenses fairly traceable to the data breach up to $2,000 per class member. After costs, expenses, and claims have been paid, all class members who submit a claim will receive a cash payment. The cash payments will be paid pro rata from the cash remaining in the settlement fund.
