Over Half a Million Hit in Major Healthcare Data Breach With SSNs, Financial Info and More Exposed — What to Do Now

News
By published

Yet another healthcare services provider has fallen victim to hackers

An open lock depicting a data breach
(Image credit: Shutterstock)

Even if you take your online security very seriously, your personal data and your financial information could end up in the hands of hackers thanks to a data breach. This is especially true now as hackers keep going after healthcare providers, as they hold vast troves of valuable data.

As reported by BleepingComputer, the latest company in this industry to fall victim to a cyberattack is Pennsylvania-based Healthcare Services Group (HSGI), which has begun sending out data breach notification letters to impacted individuals. In total, 624,000 people are affected by this major healthcare data breach, which took place last year.

At the end of September 2024, hackers managed to gain access to HSGI’s network, but it wasn’t until October 7th that the company discovered something was amiss. The company then conducted an internal investigation to reveal what types of data were exposed during this period.

Here’s everything you need to know about this new data breach, along with how to see if you’re affected and some tips and tricks to stay safe from hackers following a security incident like this one.

Compromised data

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

Although hackers gained unauthorized access to its network in the fall of last year, it has taken roughly ten months for HSGI to determine whether or not the files stolen during the attack contained sensitive information and how many individuals are impacted.

In a sample data breach notification letter (PDF) shared with the Vermont Attorney General, the company provided further insights into the nature of the attack and its response to it. HSGI also revealed that the following personal and financial data may have been exposed as a result:

  • Full names
  • Social Security numbers
  • Driver’s license numbers
  • State identification numbers
  • Financial account information
  • Account access credentials

It’s worth noting that the exposed information varies from individual to individual. So while one person’s full name and account credentials may have been exposed, another person might have also had their Social Security number compromised.

How to stay safe after a data breach

A nervous woman looking at her phone

(Image credit: Shutterstock)

Given that HSGI provides dining, housekeeping and laundry services to hospitals and healthcare facilities across 48 states in the U.S., there’s a chance that you may be impacted even if you’ve never heard of the company before. For this reason, you’re going to want to keep a close eye on your mailbox since data breach notification letters are sent the old-fashioned way instead of over email.

If you do get a letter in regard to this breach at HSGI, it will explain exactly what types of your personal or financial data were exposed. Likewise, as the company is providing free access to one of the best identity theft protection services, there will be a code you can use to activate your new subscription. It’s unclear if impacted individuals will get 12 months or two years of credit monitoring and identity restoration from Experian based on the sample letter, but I’d suggest taking them up on this offer regardless.

At this time, there’s no evidence that any of this stolen data has been misuse,d but you’re still going to want to be extra careful both in real life and online. This is because hackers could use this stolen data to launch targeted phishing attacks, to commit fraud or to steal your identity if your Social Security number was exposed. As such, you want to be extra vigilant when checking your inbox since hackers may use some of this stolen info to trick you into giving them even more. They could also try to infect your devices with malware, so you don’t want to download any attachments or click on links in emails from unknown senders and especially those that use a sense of urgency to get you to do something.

To protect yourself from malware and other threats online, you should be using the best antivirus software on your PC, the best Mac antivirus software on your Apple computer or one of the best Android antivirus apps on your Android phone. There’s no iOS equivalent to the latter, but Intego’s Mac antivirus software can scan an iPhone or iPad for malware when connected to a Mac via USB.

I highly doubt this is the last data breach we’ll see at a company in the healthcare industry, as hackers have launched a string of attacks against them over the last year. Unfortunately, though, there’s not really much you can do to keep your data safe when it’s in the hands of a company. However, while you can't control a company's security, you have the power to take immediate action to protect yourself once a breach is reported.

Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.

More from Tom's Guide

See more Computing News
Anthony Spadafora
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.