The Healthcare services provider HMG Healthcare has disclosed a data breach that impacted 40 affiliated nursing facilities.
In November 2023, the Healthcare services provider HMG Healthcare discovered a data breach that exposed personal health information related to residents and employees at HMG affiliated nursing facilities.
The company immediately launched an investigation into the incident and discovered that threat actors in August gained access to a company server and stolen unencrypted files.
Stolen files contained medical records and personal information, including names, dates of birth, contact information, general health information, information regarding medical treatment, social security numbers and/or employment records.
“We are notifying affected individuals and/or their responsible parties that during August 2023, a server containing your or a loved one’s information was accessed without authorization and the records were potentially compromised.” reads the data breach notification sent to the impacted individuals. “The incident involved hackers gaining access to our server and stealing unencrypted files.”
HMG Healthcare immediately took steps to mitigate the security incident and prevent further breaches.
“HMG attempted to identify the specific data that was compromised but we have now determined that such identification is not feasible.” continues the notification.
The company recommends that impacted individuals monitor account statements, explanations of benefits, and credit bureau reports.
The organization set up a contact center to respond to any questions. It also published the list of impacted facilities.
The notification doesn’t include details about the attack, however, experts believe the organization was the victim of a ransomware attack.
(SecurityAffairs – hacking, HMG Healthcare)