Healthcare Services Group Discloses 2024 Data Breach Impacting Over 624,000 People

A recent notification sent to the Maine Attorney General's Office revealed that Healthcare Services Group (HCSG) suffered a significant data breach in 2024, exposing personal data of over 624,496 people. HCSG, a U.S.-based company providing housekeeping, laundry, dining, and nutritional services to healthcare facilities, primarily nursing homes, assisted living centers, and hospitals, has been working to contain the incident and mitigate its impact.

Founded in 1976 and headquartered in Bensalem, Pennsylvania, HCSG supports thousands of long-term care and healthcare facilities across the country. Its core business is outsourcing non-clinical services, allowing facilities to focus on patient care. However, the recent breach has raised concerns about the security and confidentiality of sensitive information handled by the company.

The data breach occurred between September 27, 2024, and October 3, 2024, during which time hackers accessed HCSG's computer systems and stole files containing personal data. The incident was discovered on October 7, 2024, and the company promptly launched an investigation to determine the nature and scope of the activity.

"On October 7, 2024, HSGI learned of potential unauthorized access to certain HSGI computer systems," reads the data breach notification. "Upon learning of the activity, HSGI quickly took steps to secure its computer systems and began an investigation to determine the nature and scope of the activity." The investigation found that an unauthorized actor may have accessed and copied certain files on HCSG's computer systems during the specified timeframe.

The compromised data includes sensitive information such as name, Social Security number, driver's license number, state identification number, financial account information, and full access credentials. HCSG notified state regulators and major credit bureaus about the breach but has not disclosed further details about the attack.

Impacted individuals are being offered 12 months of free Experian credit monitoring, as well as guidance on fraud alerts, credit freezes, and reporting identity theft. While HCSG assures that there is no evidence of fraud from the breach, it urges individuals to remain vigilant and take necessary precautions to protect their personal information.

At this time, no known ransomware groups have claimed responsibility for the attack. The incident serves as a reminder of the importance of robust cybersecurity measures and the need for organizations to prioritize data protection in today's digital landscape.

If you or someone you know has been impacted by this breach, it is essential to take proactive steps to safeguard your personal information. Follow us on Twitter: @securityaffairs and Facebook and Mastodon for the latest updates and expert insights on cybersecurity and data protection.