Hackers attack medical device supplier, steal information from nearly 2 million people

Cybercriminals attacked Apria Healthcare LLC, stealing the credit card information of nearly 2 million customers.

Apria, a leading provider of home medical equipment delivery and clinical support in the U.S., notified affected customers on May 22 that an "unauthorized third party" accessed Apria systems that choose to store personal information.

The attackers reportedly stole financial data, including account numbers and credit/debit card numbers. Account security codes, access codes, passwords and PINs were also accessed.

An unauthorized third party allegedly accessed Apria's systems between April 5 and May 7, 2019. The malicious actor then accessed the system again between August 27 and October 10, 2021.

Apria asserts that based on its investigation and discussions with law enforcement, they believe the attackers' purpose was to "fraudulently obtain funds from Apria and not to access personal information of its patients or employees."

The company said it has found no evidence that funds were diverted and, to date, there have been no reports of misuse of the compromised personal information.

The Maine Attorney General's Office said 1,869,598 people were hacked. Apria offers free credit monitoring and identity theft protection services to affected individuals.