Indiana Attorney General Todd Rokita has taken legal action against Apria Healthcare, filing a lawsuit on behalf of the state’s residents following a massive data breach impacting at least 42,000 Hoosiers and 1.8 million individuals nationwide. Apria, a major provider of home healthcare services, allegedly fell victim to an unauthorized third party who gained access to millions of documents containing protected health information and other personal data. The breach, initially flagged by the FBI on September 1, 2021, remained undisclosed to patients until May 2023, resulting in alleged violations of HIPAA and Indiana law.
Rokita emphasizes the importance of patient trust in medical providers and condemns Apria’s delayed notification, which allegedly exposed affected individuals to the risks of identity theft and financial ruin. The lawsuit comprises five counts against Apria, encompassing violations of HIPAA’s Notification, Security, and Privacy Rules, along with charges under the Disclosure of Security Breach Act and the Indiana Deceptive Consumer Sales Act. Furthermore, it is revealed that Apria’s parent company, Owens and Minor, allegedly knew about the breaches when it acquired Apria in March 2022.
Reference:
