Healthcare services provider CPAP Medical Supplies and Services is informing tens of thousands of people that their personal and health information has been compromised.
Florida-based CPAP Medical provides sleep apnea equipment, including to members of the US military and their families.
The organization said in a data security incident notice posted on its website that its systems were accessed by hackers in mid-December 2024.
Attackers had access for more than a week and they may have stolen files containing sensitive information, including Social Security numbers and protected health information.
CPAP Medical has informed state authorities and the Department of Health and Human Services (HHS) that the breach impacts more than 90,000 people.
“CPAP has no evidence that any personal information has been or will be misused as a direct result of this incident,” the healthcare provider said.
No known ransomware group appears to have taken credit for the attack on CPAP Medical. It’s possible that CPAP was targeted by threat actors that don’t name and shame victims, or the organization may have paid a ransom to avoid having stolen data leaked.
This is a relatively small healthcare-related data breach. It’s not uncommon for organizations in this sector to disclose incidents impacting hundreds of thousands and even millions of people.
Related: Over 1 Million Impacted by DaVita Data Breach
Related: Northwest Radiologists Data Breach Impacts 350,000 Washingtonians
Related: Marketing, Law Firms Say Data Breaches Impact Over 200,000 People
Related: 1.4 Million Affected by Data Breach at Virginia Radiology Practice
