back to article Apria Healthcare says potentially 2M people caught up in IT security breach

Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company's networks over a series of months in 2019 and 2021. The home healthcare equipment provider, which says it serves about two million patients from 280 locations across …

  1. Anonymous Coward
    Anonymous Coward

    No suprise

    Apria feels like an insurance racket. Your insurance company tells you to go to Apria for supplies and you're on your own. There is for insurance covered supplies and for non-insurance supplies. The two sites look similar and they make it easy to permanently transfer to the non-insurance version. Non-insurance prices are, of course, inflated and there is zero insurance reimbursement possible. Even if you know there are two sites and successfully remain on the insurance side of things, the co-pay might be the same as the market value of what you're buying.

    "This financial information includes bank account and credit card numbers in combination with security codes, access codes, passwords and account PINs" - Last time I checked, banks prohibited the storage of security codes. They may exist only long enough to set up payment authorization, then they must be erased.

    "the purpose of the unauthorized access was to fraudulently obtain funds from Apria" - What's more likely: crims trying to get money out of a company that makes money vanish, or crims using the banking information and auth codes they just stole?

  2. sitta_europea Silver badge

    Sitting on the breach for two years must in itself be a crime, no?

    1. Korev Silver badge

      In the UK/EU yes, but the fines tend to be microscopic...

  3. IglooDame

    At what point do we simply assume that everyone's personal data has become available in some way or other on the web and mandate changes in the usage of identity for finance and other areas in order to mitigate at least some of the damage from it? In addition to C-level folks going to jail for reasonably avoidable breaches (or for failure to promptly disclose those breaches), that is.

    /rant, because I know that the realistic answer is 'heat death of the universe' or possibly after that.

  4. openclassactions

    there's an open investigation where people can get $2k to $5k if they were part of the breach - check out open class actions on google

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like