- Healthcare Services Group suffered a cyber attack at the end of September 2024
- The attackers stole confidential data in more than 600,000 people
- The company offers free identity theft monitoring
The Health Services Group (HSGI), a support service provider for health facilities, suffered a cyber attack in which it lost confidential data in more than 600,000 people.
In a letter of data violation notification, the company said it saw the intrusion on October 7, 2024, and after investigating the incident, he learned, “certain files” were stolen between September 27 and October 3.
In total, more than 624,000 people stole their data, which include complete names, Social Security numbers (SSN), driver’s license numbers, state identification numbers, financial account information and credentials to access the account.
Pending abuse
Stolen data are extremely sensitive and can be exploited in multiple ways. With names, SSN and driver’s license numbers, you can commit all kinds of identity theft, from the opening of bank accounts, until you obtain loans or even submit fraudulent tax statements.
The financial account information and login credentials allow attackers to steal money directly or get access to other online accounts if passwords are reused. With personal data, criminals can carry out sophisticated phishing attacks or social engineering schemes, deceiving victims to reveal even more information or supply themselves for fraudulent purposes.
According Cyberinsidicinfractions such as this “could lead to privacy risks downstream or compliance implications under Hipaa and other frames,” too.
None of this seems to be happening at this time, since HSGI says that there is no evidence that the data is abused in nature, but this does not mean that it does not happen, all victims are offered free identity theft services for 12 or 24 months, depending on the combination of stolen data.
Meanwhile, victims must be very careful with incoming email messages or other forms of communication, especially those who claim to come from HSGI. Electronic emails that transport attachments, or a feeling of urgency, must be particularly examined, since these are probably fraud attempts.
