(Indianapolis, IN) - The Indiana Attorney General’s Office is going after a healthcare provider following a massive data breach exposing Hoosiers to identity theft.

 

Apria is a provider of home healthcare equipment and related services across the United States. In September of 2021, the FBI notified Apria that an unauthorized third party was likely able to access their system. The intruder accessed millions of documents containing personal information. In addition to employee email accounts, at least 42,000 Hoosiers were compromised. Nationwide 1.8 million people were affected.

 

According to the Attorney General's Office, the unwelcome third party was able to access personal information such as Social Security Numbers, birth certificates, credit and debit card information, medical histories, addresses, and other identifiable data.

 

“Patients should be able to trust their medical providers at all times,” Attorney General Todd Rokita said. “All Hoosier patients deserve their privacy, especially when it comes to medical care.”

 

The Attorney General’s lawsuit includes five counts of various data security violations. The suit alleges that Apria was negligent in securing data and failed to notify clients for over a year and a half following multiple security breaches.