HMSA Data Breach Lawsuit Investigation

Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Health Management Systems of America data breach.

If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.

About Health Management Systems of America

Health Management Systems of America, also known as HMSA, is a Detroit-based behavioral healthcare company. Established in 1980, HMSA has grown from a small counseling clinic into a national provider of behavioral health management, employee assistance and community support services.

HMSA serves a wide range of clients, including Fortune 500 corporations, government agencies, school systems, hospital systems and local communities. Their services include employee assistance programs, student assistance, reentry support, wellness services and organizational development.

What Happened?

On Dec. 9, 2024, HMSA discovered unauthorized activity involving a single email account as a result of a spear phishing campaign. The company posted a Notice of Security Incident on its website on Nov. 11, 2025, informing the public about the breach and ongoing investigation.

An IT security firm was hired to investigate the incident, and the Department of Health and Human Services was notified. The investigation found that an unauthorized actor gained access to one email account and acquired certain emails. Some of these emails contained personal and protected health information.

HMSA is working with legal and data review teams to determine exactly what information was involved and who was affected. Individuals whose data was involved will receive a notice letter by mail, and substitute notice will be provided on HMSA’s website if a current address cannot be found.

Possible Information Exposed

• Name
• Address
• Phone number
• Social Security or Tax ID numbers
• Medical information
• Health insurance details

Your Rights and Next Steps

If you received a notice about the HMSA data breach or believe your information may have been involved, you have important rights and options. You may be entitled to seek compensation for any harm or inconvenience caused by this cybersecurity incident.

• Communication and credit monitoring services: Review and save any notification letters you receive. Enroll in free credit monitoring and identity protection services, if offered.
• Monitor your accounts carefully: Check your financial statements regularly for suspicious activity or unauthorized transactions. If you notice anything unusual, contact your financial institution immediately.
• Fraud alert and credit reports: A fraud alert informs creditors to take extra steps to verify your identity before opening new accounts in your name. Consumers are also entitled to one free credit report annually from each credit bureau. You can request a fraud alert or a credit report by contacting any one of the three major credit bureaus.
• Seek legal help: Lawyers are ready to help you understand your rights and pursue compensation.

You May Be Entitled to Compensation

If your personal information was exposed in the HMSA data breach, you may be eligible for compensation, which could include reimbursement for out-of-pocket expenses, time spent addressing the breach, or payment for emotional distress.

Data breach laws provide protections and remedies for individuals whose sensitive information is compromised due to a company’s failure to safeguard data. To find out if you qualify and to join a lawsuit, complete the form below.

Sources

• Health Management Systems of America Notice of Data Breach