HSGI Data Breach Exposes 624,496 Individuals' PII and PHI

Healthcare Services Group Inc. (HSGI) experienced a massive data breach affecting at least 624,496 individuals across the United States. The incident was a ransomware attack and was discovered on June 3, 2025. The ransomware group Underground claimed responsibility for the attack, stating they obtained 1.1 TB of HSGI’s data and posted about the breach on the Tor network.

According to disclosures filed with state regulators, the cybercriminals accessed and copied sensitive files between Sept. 27 and Oct. 3, 2024. Both personally identifiable information (PII) and protected health information (PHI) were compromised in the breach.

Exposed information includes names, dates of birth, Social Security numbers, driver's license or state ID numbers, medical information, health insurance information, and financial information.

The cyberattack also potentially exposed confidential documents, agreements, contracts, legal records, vendor and supplier information, stockholder and tax documents, recruitment materials, service proposals, invoices, employee data, IDs, tax forms, payrolls, and related sensitive information.

Healthcare Services Group disclosed the data breach to the Maine, Massachusetts, South Carolina, Texas, California, New Hampshire, Washington and Vermont Attorney Generals' offices beginning on Aug. 25, 2025.

Impacted individuals includes 82,280 in Texas, 3,871 in Maine, 11,533 in South Carolina, 4,943 New Hampshire residents, 7,745 in Washington and 25,583 in Massachusetts.

HSGI has also begun notifying affected individuals by mail.

Healthcare Services Group's response

The company notified federal law enforcement and has taken steps to enhance its cybersecurity measures. In addition to the required state and federal disclosures, Healthcare Services Group is offering 24 months of Experian IdentityWorks credit monitoring and identity restoration services.

If you receive notification from Healthcare Services Group about this breach, you may want to:

• Sign up for the free IdentityWorks credit monitoring services, offered by HSGI.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For more information about the company, visit the Healthcare Services Group website.