An unauthorised third party had accessed systems that contained personal information, according to Apria's inquiry.
Because of the way they said it, it's unclear whether there were two separate occurrences involving various evil guys or organisations, or if the same bad guy was probably responsible for both.
Based on its investigation and communications with law enforcement, Apria is confident that the unauthorised access was made with the intent to steal money from the company, not to gain access to patient or staff personal information.
There is no proof that any money was taken, and Apria is not aware that any personal data relating to this incident was misused.
TPRM report: https://scoringcyber.rankiteo.com/company/apria
"id": "apr163225623",
"linkid": "apria",
"type": "Breach",
"date": "05/2023",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Apria',
'type': 'Company'}],
'data_breach': {'type_of_data_compromised': ['Personal Information']},
'description': 'An unauthorized third party had accessed systems that '
"contained personal information, according to Apria's inquiry. "
'Based on its investigation and communications with law '
'enforcement, Apria is confident that the unauthorized access '
'was made with the intent to steal money from the company, not '
'to gain access to patient or staff personal information. '
'There is no proof that any money was taken, and Apria is not '
'aware that any personal data relating to this incident was '
'misused.',
'impact': {'data_compromised': ['Personal Information']},
'motivation': 'Financial Gain',
'response': {'law_enforcement_notified': 'Yes'},
'title': 'Unauthorized Access to Apria Systems',
'type': 'Data Breach'}