Healthcare Services Group Discloses 2024 Data Breach Impacting Over 600,000 People

Healthcare Services Group has disclosed that a data security incident from last year exposed the sensitive personal information of nearly 625,000 individuals.

 

Healthcare Services Group, based in Bensalem, Pennsylvania, provides management services for housekeeping, laundry, dining, and nutrition in hospitals. According to the company’s website, it operates in 3,000 facilities across 48 states and employs a workforce of 35,000.

 

In a data security incident notice filed with the Office of Maine Attorney General, HSGI said that on October 7, it identified unauthorised access within its internal network. The healthcare service provider company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“The investigation determined that an unauthorised actor may have accessed and copied certain files on our computer systems between September 27, 2024, and October 3, 2024,” HSGI said.

 

The compromised data included  names, Social Security numbers, driver’s license numbers, state identification numbers, financial account information and full access credentials. The filing with the Maine state regulator also states that the HSGI has identified at least 624,496 individuals impacted by the incident.

 

“Upon learning of this incident, we promptly took steps to secure our systems, began a comprehensive investigation, and worked to provide affected plans to individuals with notice. We have implemented additional security measures to mitigate risk associated with this event and to help prevent similar future incidents,” the company added.

 

The HSGI has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

It has also offered complimentary identity protection and credit monitoring services through Experian to all affected individuals.

 

 

 

The Underground ransomware group claimed responsibility for the cyber attack and listed HSGI as a victim on its data leak site. The group claimed to be in possession of 1.1 TB of  the organisation’s data and threatened to leak it unless its ransom demands weren’t met.