Healthcare Services Group discloses 2024 data breach that impacted 624,496 people

Healthcare Services Group suffered a 2024 breach, exposing personal data of 624,000+ people. Affected individuals are now being notified.

In 2024, Healthcare Services Group suffered a data breach that impacted over 624,496 people, as per notification sent to the Maine Attorney General’s Office.

Healthcare Services Group, Inc. (HCSG) is a U.S.-based company that provides housekeeping, laundry, dining, and nutritional services to healthcare facilities, primarily nursing homes, assisted living centers, and hospitals.

Founded in 1976 and headquartered in Bensalem, Pennsylvania, HCSG supports thousands of long-term care and healthcare facilities across the country. Its core business is outsourcing non-clinical services so that facilities can focus on patient care.

Once the security breach was discovered, Healthcare Services Group quickly investigated the incident and notified law enforcement. The company added that it is implementing new safeguards and staff training.

Hackers accessed company systems between September 27, 2024, and October 3, 2024, stealing files with personal data before discovery on October 7.

“On October 7, 2024, HSGI learned of potential unauthorized access to certain HSGI computer systems. Upon learning of the activity, HSGI quickly took steps to secure its computer systems and began an investigation to determine the nature and scope of the activity.” reads the data breach notification. “The investigation determined that an unauthorized actor may have accessed and copied certain files on HSGI’s computer systems between September 27, 2024, and October 3, 2024. As a result, we undertook an extensive review of the involved files to determine whether they contained sensitive information and to whom the information relates.”

The compromised data includes name, Social Security number, driver’s license number, state identification number, financial account information and full access credentials.

The company notified state regulators and major credit bureaus, but it hasn’t disclosed details about the attack.

Impacted individuals get 12 months of free Experian credit monitoring, plus guidance on fraud alerts, credit freezes, free reports, and reporting identity theft.

HCSG says there’s no evidence of fraud from the breach but urges individuals to remain vigilant.

At this time, no known ransomware groups claimed responsibility for the attack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)