Apria Databreach

Apria Healthcare Class Action Settlement for Data Breach Opens Claims

Nearly 2 million patients may be eligible to file an online claim.

  • Data Breach Lawsuit

Last Update

lawsuitlike
lawsuitlike
lawsuitlike

About the Apria Healthcare Settlement

 

If you received care from Apria Healthcare or worked for the company between 2019 and 2021, hackers might have stolen your personal information in one of two major data breaches. 

 

The home healthcare equipment provider has agreed to pay $6,375,000 to settle class action claims over these alleged cybersecurity failures, with the settlement deadline ending in October 2025.

 

Apria Healthcare Lawsuits Explained

 

Criminal hackers are claimed to have successfully infiltrated Apria's computer systems not once, but twice over the last five years. 

 

2019 and 2021 Data Breaches

The first attack happened between April 5 and May 7, 2019, when unauthorized individuals are said to have accessed portions of the company's network containing patient and employee data. 

 

Cyberthieves then allegedly struck again, breaching Apria's systems between August 27 and October 10, 2021.

 

During these attacks, hackers may have had free rein to view and potentially steal massive amounts of personal information, affecting approximately 1,869,598 individuals across the United States.

 

In 2022, the Southern District of Indiana consolidated multiple lawsuits into a single class action case, leading to this multi-million dollar settlement agreement.

 

Information allegedly compromised

Plaintiffs say the hackers potentially stole the following sensitive information:

  • Personal identification details: Full names, home addresses, phone numbers, email addresses, and dates of birth.
  • Medical records: Treatment histories, diagnoses, prescription information, and other health-related data protected under federal privacy laws.
  • Health insurance information: Policy numbers, group numbers, and insurance claim details.
  • Financial account data: Bank account numbers, credit card information, and payment records.
  • Government identifiers: Social Security and driver's license numbers for certain individuals.

 

According to a lawsuit, the comprehensive breach meant the plaintiffs faced risks ranging from identity theft to medical fraud. 

 

Apria Healthcare Cybersecurity Failure Claims 

The class action lawsuit argued that Apria failed in its duty to protect the people who trusted the company with their most sensitive information. 

 

Alleged security violations

According to court documents, Apria Healthcare allegedly:

  • Failed to implement industry-standard cybersecurity when handling millions of patient records.
  • Maintained inadequate data protection systems that left patient information vulnerable to theft.
  • Delayed notifying affected individuals after discovering the breaches, leaving victims unaware of their exposure.
  • Provided negligent training and supervision to employees who handled sensitive patient data daily.

 

Attorneys for the plaintiffs also argued that Apria knew or should have known about these vulnerabilities. 

 

Legal claims against Apria Healthcare

The consolidated class action lawsuit brought multiple legal theories against the home healthcare company:

  • Breach of contract: Patients and employees entered agreements expecting Apria would protect their data.
  • Violation of state consumer protection laws: Including statutes in Indiana, California, Illinois, Washington, Missouri, and New York.
  • Medical privacy violations: Under various health information protection acts.
  • Breach of fiduciary duty: The company held a position of trust regarding patient information.
  • Breach of confidence: Failing to maintain the confidentiality promised to patients and employees.

 

While Apria denies all allegations and admits no wrongdoing, the company agreed to the settlement to avoid continued litigation costs and uncertainty.

Who May Participate in this Settlement?

Apria Healthcare patients and employees may generally take part in this settlement if they meet these specific criteria:

  • Received notice directly from Apria Healthcare about the data breaches.
  • Received constructive notice (such as through public announcements) that information may have been compromised.
  • Had data potentially exposed during the first breach period (April 5 - May 7, 2019).
  • Had data potentially exposed during the second breach period (August 27 - October 10, 2021).
  • Received home healthcare equipment or services during the breach periods.
  • Had personal information stored in company systems.

 

The settlement class specifically includes anyone who received notice from Apria that their information "may have been compromised" in these incidents. 

 

This broad language means eligible participants do not need proof that cyber thieves stole their data—just that it was potentially accessible to hackers.

 

Verifying eligibility

Interested parties may confirm eligibility in the following manners:

  • Check mail: Apria sent notices to the last known addresses of affected individuals.
  • Look for Class Member ID: This unique identifier appears on received settlement notices.
  • Contact the settlement administrator: Call Kroll Settlement Administration LLC at 833-890-6558.
  • Visit the official websiteApriaSettlement.com and use the eligibility verification tool.
  • Review records: Check if you received Apria services or worked there from 2019 to 2021.

 

Settlement administrators maintain a comprehensive list of all 1,869,598 eligible class members and can look up information via name and address.

 

Available Apria Data Breach Compensation 

The settlement provides potential cash payments to eligible members who suffered alleged financial losses due to the breach.

 

Out-of-pocket expense reimbursement

Participants may possibly claim up to $2,000 per person for documented out-of-pocket expenses that are "fairly traceable" to the data breach. 

 

Covered expenses can include:

  • Identity theft and fraud losses: Unauthorized charges or fraudulent accounts opened in your name.
  • Credit monitoring services: Costs for monitoring services purchased after learning about the breach.
  • Professional fees: Attorney consultations, accountant fees, and credit repair service costs.
  • Credit freeze expenses: Fees paid to freeze or unfreeze your credit with reporting agencies
  • Miscellaneous costs: Notary fees, postage, phone charges, mileage.

 

Pro-rata compensation 

Beyond expense reimbursement, valid claimants may possibly receive an equal share of the remaining settlement fund. 

 

Eligible participants may claim this cash payment alone or combine it with expense reimbursement. 

 

The settlement administrator will make pro rata calculations after processing all claims and paying other settlement costs.

 

Claim Documentation Required 

Out-of-pocket claims require "third-party documentation” to support claimed losses.

  • Receipts or invoices: Original documents showing amounts paid for breach-related services.
  • Bank statements: Highlighting unauthorized transactions or fees.
  • Credit card statements: Showing fraudulent charges or monitoring service payments.
  • Police reports: Essential for identity theft claims.
  • IRS documents: Form 4506 or letters regarding fraudulent tax returns.
  • Credit reports: Showing inquiries or accounts you didn't authorize.
  • Correspondence: Letters from creditors about fraudulent accounts.

 

The claims administrator cannot accept self-prepared documents like handwritten receipts as primary evidence. However, claimants may include such records to clarify or support other documentation. 

 

Cash payment claims

The pro rata payment requires minimal documentation:

  • Class Member ID: Found on settlement notices.
  • Current contact information: Updated address, phone, and email.
  • Bank details for electronic payment: Routing and account numbers (optional but faster).
  • Completed claim form: With required signatures and certifications.

 

No additional proof is typically needed—only verify class member identity and choose a payment method.

 

How to Submit a Claim

Online filing is one of the fastest and most convenient option.

  1. Visit ApriaSettlement.com.
  2. Click "File a Claim" and enter the Class Member ID.
  3. Choose the claim type: expense reimbursement, cash payment, or both.
  4. Upload supporting documents directly through the secure portal.
  5. Select electronic ACH payment for faster processing.
  6. Review the submission and save the confirmation number.
  7. Receive email confirmation immediately.

 

The website works on computers, tablets, and smartphones, and saves progress if time is needed to gather documents.

 

Mail-In claim option

Eligible participants may also download a PDF claim form or call the claims administrator for a mailed copy. 

 

Claimants should mail their forms via certified mail to: In re Apria Data Breach Litigation, c/o Kroll Settlement Administration LLC, P.O. Box 225391, New York, NY, 10150-5391.

 

Class members should remember the following key dates:

  • July 30, 2025: Settlement website went live.
  • September 22, 2025: Last day to opt out of the settlement.
  • September 22, 2025: Deadline to file objections.
  • October 22, 2025: Final deadline to submit claims (no extensions!).
  • November 4, 2025: Final approval hearing at the United States District Court.
  • After final approval: Payments begin once appeals resolve (typically 60-90 days).

 

Remember that the settlement administrator typically cannot accept late claims for any reason, including medical emergencies, mail delays, or website issues.

 

Home Healthcare Data Security Improvements

Beyond monetary compensation, Apria has agreed to implement comprehensive security enhancements:

  • Enhanced cybersecurity training programs for all employees handling patient data.
  • Strengthened data protection policies meeting current industry standards.
  • Additional security measures, including encryption and access controls.
  • Restricted access to patient information on a need-to-know basis.
  • Improved monitoring systems and incident response protocols.
  • Regular security audits and vulnerability assessments.

 

These business practice adjustments aim to prevent future breaches and protect current patients' information.

 

Check Out the Apria Healthcare Settlement Today

The Apria Healthcare data breach settlement represents justice for nearly 1.9 million people whose trust was allegedly violated when hackers accessed sensitive information.

 

Whether you possibly suffered financial losses from identity theft or want to investigate whether you can participate in the settlement fund, check out the lawsuit for more details at https://apriasettlement.com/


Frequently Asked Questions (FAQ)

Yes, you can still file a claim even if you've moved. The settlement covers anyone who received actual or constructive notice about the breaches, regardless of your current address. Simply provide your current contact information when filing your claim at ApriaSettlement.com or by mail. The settlement administrator uses your name and previous address to verify eligibility, so moving doesn't disqualify you from receiving compensation.

 

No, you don't need to prove that actual identity theft occurred. The settlement covers all class members whose information may have been compromised during the 2019 and 2021 breaches. You can receive the pro rata cash payment as an eligible class member. However, to claim the up to $2,000 reimbursement for out-of-pocket expenses, you'll need documentation showing breach-related costs like credit monitoring fees or fraud resolution expenses.

 

NO. The settlement treats both breaches as a single event for compensation purposes. You file one claim form that covers your eligibility from either or both breach periods. The maximum reimbursement remains $2,000 per person, regardless of whether you were affected by one or both incidents, plus you receive one pro rata cash payment from the remaining settlement fund.

 

While exposed medical information cannot be "changed" like passwords, the settlement requires Apria to implement enhanced security measures, including restricted access to patient data, improved monitoring systems, and stronger cybersecurity protocols. You should monitor your medical insurance statements for fraudulent claims, check your credit reports regularly, and consider placing a fraud alert with credit bureaus. Report any suspicious medical billing to your insurance company immediately.

This is an advertisement. OnlyClassActions is not a law firm or referral service, and we do not provide legal advice. OnlyClassActions provides a free service for individuals seeking legal representation, and we do not charge you to be connected with an attorney. We do not recommend or endorse any attorneys that pay to participate. OnlyClassActions utilizes a pool of attorneys in each jurisdiction, and attorneys are selected through a round-robin process without our evaluating your legal situation when selecting which attorney will receive your information. OnlyClassActions makes no representation about the quality of legal services or the qualifications of any attorney participating in our pool. Information you submit will be shared with third-party attorney(s). An attorney-client relationship is not formed when you submit information through the form. Hiring a lawyer is a critical decision and should not be predicated solely on comments, advertisements, or other content found on any website. You are under no obligation to retain a lawyer who contacts you through this service.

Add Comment