Data Breach Summary
CPAP Medical Supplies and Services Inc. (“CPAP”), a provider of respiratory and sleep therapy equipment, has reported a data breach that compromised the personal and protected health information of approximately 90,133 individuals across the United States. We urge anyone who received a breach notification to remain vigilant by monitoring their financial accounts and medical records for any suspicious activity.
The breach was discovered on June 27, 2025, following an in-depth forensic investigation initiated after suspicious activity was identified within the company’s systems. According to CPAP, an unauthorized actor gained access to its internal network between December 13 and December 21, 2024.
Although only 133 residents of Maine were affected—falling below the threshold that requires CPAP to notify consumer reporting agencies—the overall scale of the breach has raised significant concerns.
The compromised data includes individuals’ full names in combination with other personal identifiers and potentially sensitive health-related information. CPAP has stated that, at this time, there is no evidence suggesting the information has been misused. However, in an effort to mitigate any risk, the company is offering affected individuals complimentary access to IDX credit and identity monitoring services.
This breach highlights ongoing challenges in the healthcare sector, where cybercriminals frequently target entities with access to large volumes of sensitive personal and medical data.
The cybersecurity incident occurred at CPAP Medical Supplies and Services, resulting in unauthorized access to sensitive data stored within their systems. Exposed information may include:
Names and contact information
Dates of birth
Social Security numbers
Health insurance information
Medical records
The exposure of Social Security numbers and other personal identifiers significantly increases the risk of identity theft, financial fraud, and other malicious activity.
Although no cases of identity fraud linked to this incident have been reported, we advise clients to:
Activate the free Experian credit monitoring provided
Review credit reports and healthcare statements for suspicious activity
Consider placing a Fraud Alert or Security Freeze on credit files
If you received a notification about the breach, you may want to explore your legal options. CPAP Medical Supplies and Services to protect sensitive patient data has potentially exposed individuals to identity theft and other risks. You could be eligible to join a class action lawsuit against CPAP Medical Supplies and Services for damages caused by the breach.
To determine if you qualify for the class action lawsuit or need further legal support, contact Class Action U for a free consultation. Our legal experts can help you navigate the next steps and ensure that your voice is heard in the fight for justice and accountability.
©2024 ClassActionU
