HMG Healthcare, a Texas-based care provider, has confirmed a significant breach of its data systems, resulting in unauthorized access to sensitive information of residents, employees, and their dependents. Despite efforts to assess the extent of the data breach, the specifics of the compromised information remain uncertain.
HMG Healthcare, with its headquarters in The Woodlands, Texas, offers various services including memory care, rehabilitation, and assisted living. The company boasts over 4,100 employees and serves around 3,500 patients, generating substantial annual revenues exceeding $150 million.
The breach was first detected in November when HMG discovered that hackers had accessed a server containing unencrypted files in August. These files potentially included personal details like names, birth dates, contact information, Social Security numbers, employment records, medical records, general health information, and details about medical treatments.
Despite thorough investigations, HMG's executives, including CEO Derek Prince, acknowledge the challenge in pinpointing the exact nature of the stolen data. This uncertainty raises concerns, particularly for individuals with outdated or insufficient contact information on file with HMG, indicating that historical patient data might also be at risk.
Details about the number of affected individuals are not fully disclosed. However, an official filing with the Texas attorney general reveals that approximately 75,000 Texans might have been impacted, not accounting for potential victims outside the state.
The nature of the cyberattack remains undisclosed. HMG has taken steps to prevent the further dissemination of the stolen files, a move sometimes seen in ransomware attacks where victims might pay a ransom to contain the spread of data. However, HMG has not confirmed if a ransom was paid in this instance.
Facilities in Kansas, including Tanglewood Health and Rehabilitation and Smoky Hill Health and Rehabilitation, are among the affected locations. In response to the breach, HMG's CEO announced that the organization has ramped up its data security protocols, though specifics of these enhanced measures are not detailed.
This incident highlights the growing concerns around cybersecurity in the healthcare sector, where sensitive personal and medical data are often targeted. The breach at HMG Healthcare serves as a stark reminder of the critical need for robust data protection and cybersecurity measures in the healthcare industry.