The Healthcare Services Group (HSGI) is alerting more than 600,000 individuals that their personal information was exposed in a security breach last year.
The healthcare services provider stated that it detected unauthorized access to its network on October 7, 2024, and subsequently discovered that the intrusion had begun on September 27.
The investigation that followed revealed that the intruders had exfiltrated data from the systems they had accessed.
“The investigation determined that an unauthorized actor may have accessed and copied certain files on our computer systems between September 27, 2024, and October 3, 2024,” reads the notification.
“As a result, we undertook an extensive review of the involved files to determine whether they contained sensitive information and to whom the information relates.”
This process took roughly ten months, as impacted individuals received notifications about the data breach only on August 25, 2025.
Healthcare Services Group is a publicly traded company in Pennsylvania that specializes in providing support services to healthcare facilities across the United States.
The organization has an annual revenue of $1.7 billion, and its services are of strategic importance to the safe and smooth functioning of thousands of healthcare facilities in the country.
The types of data compromised in this incident, varies per individual, and may include:
- Full name
- Social Security number
- Driver’s license number
- State identification number
- Financial account information
- Account access credentials
The organization stated that, as of now, there's no evidence of any misuse of the stolen information.
HSGI offers 12 and 24-month credit monitoring and identity theft protection services coverage to individuals affected by the breach, depending on the severity of the exposed data.
In addition to this, the company recommends that people remain vigilant for phishing and scamming attempts and report suspicious activity on their banking accounts to the authorities.
As of writing, no ransomware groups have claimed the attack on HSGI.
BleepingComputer has contacted the organization to learn more about the incident, and we will update this post with their response once it reaches us.
Picus Blue Report 2025 is Here: 2X increase in password cracking
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Related Articles:
Kelly Benefits says 2024 data breach impacts 550,000 customers
DaVita says ransomware gang stole data of nearly 2.7 million people
Change Healthcare hacked using stolen Citrix account with no MFA
Major European healthcare network discloses security breach
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Original Article Published at Bleeping Computer
________________________________________________________________________________________________________________________________