Healthcare Services Group reports data breach affecting more than 624,000 individuals

Healthcare Services Group, Inc. (HSG), a Bensalem, Pennsylvania-based company that provides support services to healthcare facilities nationwide, has disclosed a data breach that compromised the personal and health information of 624,496 people, including nearly 3,900 Maine residents.

The company first revealed the cybersecurity incident in an October 16, 2024, filing with the U.S. Securities and Exchange Commission, reporting that suspicious activity had been detected within its systems earlier that month. An internal investigation, supported by third-party specialists, later determined that attackers gained access to HSG’s network between September 27 and October 3, 2024, and exfiltrated files containing sensitive information.

On June 3, 2025, the company confirmed that the stolen data included names, dates of birth, Social Security numbers, driver’s license and state identification numbers, and in some cases, financial account information. The breach report filed with the Maine Attorney General indicates that 3,871 state residents were among those affected.

Notification letters began going out on August 25, 2025. HSG is offering complimentary credit monitoring and identity theft protection services to impacted individuals. While the company said it is not aware of any misuse of the stolen information, it urged recipients to remain vigilant and review account statements and credit reports for signs of fraud.

HSG provides environmental, dining, and nutritional support services to more than 3,000 healthcare facilities across 48 states and employs over 45,000 people. The company said the breach is not expected to have a material impact on its financial condition or operations but acknowledged that personal and health information was compromised.