Healthcare Services Group Inc. (HSGI), a major provider of support services to healthcare facilities across the U.S., is notifying more than 600,000 individuals that their personal information was compromised during a cybersecurity breach that occurred in late 2024. The breach was first detected on October 7, 2024, but forensic investigations later revealed that threat actors had been inside the network since at least September 27. During this window, the attackers accessed and exfiltrated sensitive data from HSGI’s systems.
According to a statement issued by HSGI, the unauthorized actor copied certain files between September 27 and October 3, 2024. The organization undertook a lengthy review of the compromised files to determine what personal data had been exposed and to whom it belonged—a process that spanned roughly ten months. Affected individuals began receiving formal notifications on August 25, 2025.
The stolen information varies per individual but may include full names, Social Security numbers, driver’s license or state ID numbers, financial account details, and account credentials. Despite the nature of the compromised data, HSGI states there is currently no evidence of misuse. As a precautionary measure, the company is offering affected individuals either 12 or 24 months of credit monitoring and identity theft protection, based on the severity of their data exposure.
No ransomware group has claimed responsibility for the intrusion, and the exact methods used to breach the systems remain undisclosed. HSGI is urging all affected parties to stay vigilant against phishing scams and to closely monitor their financial accounts for any suspicious activity.
This breach underscores the critical importance of timely breach detection, incident response, and transparent communication in the healthcare sector. Healthcare organizations must not only invest in proactive monitoring and threat detection systems but also conduct regular data access audits and employee training to reduce dwell time and mitigate risk. Furthermore, delays in notification erode trust and may amplify regulatory scrutiny. Security teams should establish streamlined post-breach workflows that prioritize rapid impact assessment and timely disclosure to protect patient data and preserve institutional credibility
