The Healthcare Companies Group (HSGI) is alerting greater than 600,000 people that their private data was uncovered in a security breach final yr.
The healthcare providers supplier said that it detected unauthorized entry to its community on October 7, 2024, and subsequently found that the intrusion had begun on September 27.
The investigation that adopted revealed that the intruders had exfiltrated information from the programs that they had accessed.
“The investigation decided that an unauthorized actor might have accessed and copied sure information on our pc programs between September 27, 2024, and October 3, 2024,” reads the notification.
“Consequently, we undertook an intensive evaluation of the concerned information to find out whether or not they contained delicate data and to whom the knowledge relates.”
This course of took roughly ten months, as impacted people acquired notifications concerning the data breach solely on August 25, 2025.
Healthcare Companies Group is a publicly traded firm in Pennsylvania that focuses on offering help providers to healthcare amenities throughout the US.
The group has an annual income of $1.7 billion, and its providers are of strategic significance to the secure and easy functioning of 1000’s of healthcare amenities within the nation.
The varieties of information compromised on this incident, varies per particular person, and should embrace:
- Full identify
- Social Safety quantity
- Driver’s license quantity
- State identification quantity
- Monetary account data
- Account entry credentials
The group said that, as of now, there isn’t any proof of any misuse of the stolen data.
HSGI provides 12 and 24-month credit score monitoring and identification theft safety providers protection to people affected by the breach, relying on the severity of the uncovered information.
Along with this, the corporate recommends that individuals stay vigilant for phishing and scamming makes an attempt and report suspicious exercise on their banking accounts to the authorities.
As of writing, no ransomware teams have claimed the assault on HSGI.
BleepingComputer has contacted the group to be taught extra concerning the incident, and we’ll replace this put up with their response as soon as it reaches us.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration traits.
