HMG Healthcare Data Breach Affects 80,000 Individuals
HMG Healthcare, LLC, a Texas-based healthcare services provider, has recently confirmed that the protected health information of up to 80,000 individuals was exposed and potentially stolen in a cyberattack that was detected in November 2023.
A forensic investigation was launched after suspicious network activity was detected, which confirmed that unauthorized individuals first gained access to its network in August 2023. The investigation also confirmed that unencrypted files were copied but it “was not feasible” to identify exactly what types of information were obtained by the hackers. It is unclear why that determination was made, such as whether there was insufficient logging or if a comprehensive review would prove too timely and costly. HMG Healthcare said the files that were removed from its network likely contained information such as names, dates of birth, contact information, general health information, medical treatment information, Social Security numbers, and/or employment records.
The exact nature of the attack was not disclosed; however, HMG Healthcare did explain that it “worked diligently to ensure the stolen files were not further shared by the hackers,” which suggests that the hacking group behind the attack attempted to extort HMG Healthcare and payment was made to prevent the publication/sale of the stolen data. It is currently unclear which group was behind the attack.
The breach has affected employees and residents at 40 affiliated nursing facilities in Texas and Kansas:
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
- Accel at College Station
- Arbor Court Retirement Community at Alvamar (Independent Living)
- Arbor Court Retirement Community at Salina (Independent Living)
- Arbor Court Retirement Community at Topeka (Independent Living)
- Arbrook Plaza
- Cimarron Place Health & Rehabilitation Center
- Crowley Nursing and Rehabilitation
- Deerbrook Skilled Nursing & Rehab
- Forum Parkway Health & Rehabilitation
- Friendship Haven Healthcare & Rehab Center
- Green Oaks Nursing and Rehabilitation
- Gulf Pointe Plaza
- Gulf Pointe Village (Assisted Living Only)
- Harbor Lakes Nursing and Rehabilitation Center
- Hewitt Nursing and Rehabilitation
- Holland Lake Rehabilitation and Wellness Center
- Lone Star Rehabilitation and Wellness Center
- Methodist Transitional Care Center
- Mission Nursing and Rehabilitation Center
- Northgate Plaza (Legacy)
- Park Manor of BeeCave (Legacy)
- Park Manor of Conroe
- Park Manor of CyFair
- Park Manor of Cypress Station
- Park Manor of Humble
- Park Manor of Mckinney (Legacy)
- Park Manor of Quail Valley
- Park Manor of South Belt
- Park Manor of The Woodlands
- Park Manor of Tomball
- Park Manor of Westchase
- Pecan Bayou Nursing and Rehabilitation
- Red Oak Health and Rehabilitation Center
- Silver Spring Health & Rehabilitation Center
- Smoky Hill Health and Rehabilitation
- Stallings Court Nursing and Rehabilitation
- Stonegate Nursing and Rehabilitation
- Tanglewood Health and Rehabilitation
- Treviso Transitional Care
- Willowbrook Nursing Center
The substitute breach notice on the HMG Healthcare website advises the affected individuals to monitor their account statements and credit reports to identify any suspicious activity but makes no mention of credit monitoring and identity theft protection services being offered. HMG Healthcare said it has increased its data security protocols to prevent similar cyberattacks and data breaches in the future.
