- Healthcare Services Group suffered a cyberattack in late September 2024
- The attackers stole sensitive data on more than 600,000 people
- The company is offering free identity theft monitoring
The Healthcare Services Group (HSGI), a support services provider for healthcare facilities, suffered a cyberattack in which it lost sensitive data on more than 600,000 people.
In a data breach notification letter, the company said it spotted the intrusion on October 7, 2024, and after investigating the incident, learned, “certain files” were stolen between September 27, and October 3.
In total, more than 624,000 people had their data stolen, which includes full names, Social Security numbers (SSN), driver’s license numbers, state identification numbers, financial account information, and account access credentials.
Pending abuse
The stolen data is extremely sensitive and can be exploited in multiple ways. With names, SSNs, and driver’s license numbers, they can commit all sorts of identity theft, from opening bank accounts, to taking out loans, or even filing fraudulent tax returns.
Financial account information and login credentials allow attackers to steal money directly or gain access to other online accounts if passwords are reused. With personal details, criminals can carry out sophisticated phishing attacks or social engineering schemes, tricking victims into revealing even more information or impersonating them for fraudulent purposes.
According to CyberInsider, breaches like this “could lead to downstream privacy risks or compliance implications under HIPAA and other frameworks,” as well.
None of this appears to be happening right now, as HSGI says there is no evidence the data is being abused in the wild – but this doesn’t mean it won’t happen, though, and all victims are being offered free identity theft protection services for either 12 or 24 months, depending on the combination of data stolen.
In the meantime, victims should be extra careful of incoming email messages, or other forms of communication, especially those claiming to come from HSGI. Emails carrying attachments, or a sense of urgency, should be particularly scrutinized, as these are most likely fraud attempts.