- The health services group underwent a cyber attack at the end of September 2024
- The attackers stole sensitive data on more than 600,000 people
- The company offers free surveillance of identity theft
The Healthcare Services Group (HSGI), a support provider for health establishments, has undergone a cyber attack in which it has lost sensitive data on more than 600,000 people.
In a letter of notification of data violation, the company said that it had identified the intrusion on October 7, 2024 and after investigating the incident, learned that “certain files” were stolen between September 27 and October 3.
In total, more than 624,000 people have stolen their data, which includes complete names, social security numbers (SSN), driving license numbers, state identification numbers, financial accounts and account access information.
Waiting abuse
Stolen data is extremely sensitive and can be used in several ways. With names, SSNs and driving license numbers, they can commit all kinds of identity flights, the opening of bank accounts, obtaining loans or even producing fraudulent income declarations.
Information on financial accounts and connection identification information allows attackers to steal money directly or access other online accounts if passwords are reused. With personal details, criminals can carry out sophisticated phishing attacks or social engineering regimes, encourage victims to reveal even more information or identify them for fraudulent purposes.
According to CyberinsiderViolations like this “could lead to the risk of downstream confidentiality or to implications of conformity within the framework of the HIPAA and other executives”.
None of this seems to happen right now, because HSGI says that there is no evidence that the data will be abused in the wild – but that does not mean that this will not happen, however, and all the victims are offered free identity flight protection services for 12 or 24 months, depending on the combination of stolen data.
In the meantime, the victims should pay very attention to incoming electronic messages or other forms of communication, in particular those who claim to come from HSGI. E-mails with attachments, or a feeling of emergency, must be particularly examined, because they are most likely attempts at fraud.
