Healthcare Services Group data breach impacts 624,000 people

The Healthcare Services Group (HSGI) is alerting more than 600,000 individuals that their personal information was exposed in a security breach last year. The healthcare services provider stated that it detected unauthorized access to its network on October 7, 2024, and subsequently discovered that the intrusion had begun on September 27. The investigation that followed revealed that the intruders had exfiltrated data from the systems they had accessed. “The investigation determined that an unauthorized actor may have accessed and copied certain files on our computer systems between September 27, 2024, and October 3, 2024,” reads the notification. “As a result, we undertook an extensive review of the involved files to determine whether they contained sensitive information and to whom the information relates.” This process took roughly ten months, as impacted individuals received notifications about the data breach only on August 25, 2025. Healthcare Services Group is a publicly traded company in Pennsylvania that specializes in providing support services to healthcare facilities across the United States. The organization has an annual revenue of $1.7 billion, and its services are of strategic importance to the safe and smooth functioning of thousands of healthcare facilities in the country. The types of data compromised in this incident, varies per individual, and may include: Full name Social Security number Driver’s license number State identification number Financial account information Account access credentials The organization stated that, as of now, there's no evidence of any misuse of the stolen information. HSGI offers 12 and 24-month credit monitoring and identity theft protection services coverage to individuals affected by the breach, depending on the severity of the exposed data. In addition to this, the company recommends that people remain vigilant for phishing and scamming attempts and report suspicious activity on their banking accounts to the authorities. As of writing, no ransomware groups have claimed the attack on HSGI. BleepingComputer has contacted the organization to learn more about the incident, and we will update this post with their response once it reaches us.