Apria Healthcare, a home healthcare equipment and related services provider based in Indianapolis, has decided to pay $6,400,000 to settle all claims filed by the 1,869,598 individuals affected by data breaches in 2019 and 2021.
In April 2019, hackers accessed areas of its system where personnel and patient information was located. The investigation revealed unauthorized access to the system from April 5, 2019 to May 7, 2019. Apria Healthcare experienced one more hacking incident in 2021, which was announced in May 2023. Hackers had access to its system from August 27, 2021 to October 10, 2021, and likely viewed or stole personal, health, medical insurance, and financial data. HIPAA training could have helped to identify and prevent the data breaches.
Because of the data breach, multiple lawsuits were filed against Apria Healthcare in the Southern District of Indiana. In October 2023, the lawsuits were combined into one class-action lawsuit in the U.S. District Court for the Southern District of Indiana. The Indiana Attorney General also sued Apria Healthcare because of these two hacking cases, and the litigation is not yet settled.
The combined class-action lawsuit claimed Apria Healthcare was negligent because it did not implement reasonable and proper cybersecurity procedures to protect sensitive information on its system. The lawsuit likewise alleged breach of contract, breach of implied contract, negligence per se, negligent training and administration, bailment, breach of confidence, breach of fiduciary duty, unjust enrichment, privacy violation, and violations of consumer protection and dishonest business practices laws in California, Illinois, Indiana, Washington, New York, and Missouri.
Apria Healthcare rejected and denied all claims and disputes in the lawsuit and did not admit wrongdoing. However, Apria opted to settle the lawsuit after weighing the uncertainty and pitfalls of continued litigation. The proposed settlement will require Apria Healthcare to create a $6.4 million settlement fund for claims, class representative service awards, attorneys’ fees, and legal costs and expenditures. The plaintiffs’ lawyers are expected to request 33% of the settlement fund and $50,000 for fees and expenses.
All class members are eligible to file a claim of up to $2,000 per class member for repayment of documented, unreimbursed out-of-pocket expenditures linked to the data breach. After all costs, expenditures, and claims are paid, all class members who filed a claim will be given a cash payment. Cash payments will be calculated pro rata from the money left in the settlement fund.