Healthcare services provider HMG Healthcare has disclosed a data breach impacting the personal health information of employees and residents at 40 affiliated nursing facilities.
According to a notice from the organization, the incident was identified in November 2023 but an investigation determined that the data breach occurred in August 2023.
“The incident involved hackers gaining access to our server and stealing unencrypted files. Files on the server likely contained medical records and personal information,” HMG Healthcare notes in an incident notification on its website.
The compromised information includes names, contact information, dates of birth, health information, medical treatment details, Social Security numbers, and employee records.
“We are notifying affected individuals and/or their responsible parties that during August 2023, a server containing your or a loved one’s information was accessed without authorization and the records were potentially compromised,” HMG Healthcare said.
While it did not provide specific details on the type of cyberattack it fell victim to, HMG might have been targeted by an extortion gang, likely a ransomware group, and appears to have been in contact with the attackers, to prevent the public release of the stolen data.
“HMG worked diligently to ensure that the stolen files were not further shared by the hackers to other sources. HMG attempted to identify the specific data that was compromised but we have now determined that such identification is not feasible,” it said.
The potentially impacted individuals are advised to monitor their account statements and credit reports to identify any suspicious activity.
The organization has named a total of 40 facilities in Texas and Kansas that were affected by the incident, some of which may not be known by an “HMG” name, but did not say how many individuals might have been impacted.