Apria Healthcare Class Action: Alleged Data Breach

In a recent lawsuit filed on June 17, 2023, the plaintiff, Leonardo Depinto, alleges that Apria Healthcare LLC failed to adequately protect the private information of its customers, leading to a data breach. The class action lawsuit, represented by Milberg Coleman Bryson Phillips Grossman PLLC, accuses the defendant of negligence, negligence per se, and breach of implied contract. The case was filed in the U.S. District Courts in the Indiana Southern District.

What Laws Did Apria Healthcare Allegedly Violate?

According to the lawsuit, Apria Healthcare allegedly violated Indiana Code § 24-4.9-3-1, et seq which governs data security breach notification requirements. This law requires companies to provide timely and accurate disclosures to consumers in the event of a data breach. The plaintiff claims that Apria Healthcare failed to meet this requirement.

The lawsuit also alleges breach of implied contract. This refers to an unwritten contract that is inferred from the actions, conduct, or circumstances of the parties involved. In this case, the plaintiff argues that Apria Healthcare impliedly agreed to protect the private information of its customers but failed to do so.

How Did the Alleged Breach Unfold?

The plaintiff and other class members provided their private information to Apria Healthcare as part of the company's regular business practices. The defendant promised to keep this information secure and confidential. However, the plaintiff alleges that the defendant failed to take reasonable steps to safeguard this information, leading to a data breach.

As a result of the data breach, the plaintiff and class members have suffered actual injury, including invasion of privacy, lost or diminished value of private information, and increased risk of identity theft and fraud.

Who Are the Class Members?

The class members in this lawsuit are all individuals in the United States whose private information was impacted by the data breach. These are individuals who entrusted their private information to Apria Healthcare and suffered harm as a result of the alleged data breach.

The specific criteria for being a part of the class is that the individual must have had their private information impacted by the data breach. All individuals in the United States who meet this criterion are eligible to be a part of the class.

What Damages Is the Plaintiff Seeking?

The plaintiff is seeking injunctive relief, including requiring Apria Healthcare to protect data collected through their business, delete and destroy private information, and implement an information security program. The plaintiff is also seeking actual, compensatory, statutory, and punitive damages, as well as attorneys' fees and costs.

While the exact dollar amount is not stated in the complaint, in a class action lawsuit of this nature, the damages sought are typically at least five million dollars.

What Could Be the Next Steps in the Case?

The next steps in the case will likely involve Apria Healthcare responding to the allegations. The defendant may choose to settle the case out of court or fight the allegations in court. If the case goes to trial, a judge or jury will determine whether Apria Healthcare is liable for the alleged damages.

If the court finds in favor of the plaintiff, Apria Healthcare may be required to pay damages to the plaintiff and class members and take steps to improve its data security practices. If the court finds in favor of the defendant, the lawsuit will be dismissed and the plaintiff and class members will not receive any damages.