HMG Healthcare Reports Theft of Unencrypted Patient Data
Texas-based care provider HMG Healthcare recently disclosed a major security breach where hackers accessed and stole unencrypted patient data. Although the company is still investigating the exact nature of the stolen data, it confirmed that it involved sensitive information regarding both patients and staff.
The data breach occurred in August 2023, with HMG only becoming aware of it in November of that same year. According to HMG’s statement, the breached data likely includes “medical records and personal information.” This could include names, dates of birth, contact information, medical records, social security numbers, and employment records.
To date, there is no clarity on the exact nature of the data stolen, potential suspects, or how the breach occurred. The care provider’s statement only admits that “HMG attempted to identify the specific data that was compromised but we have now determined that such identification is not feasible.”
HMG claims that it “quickly identified” the breach and fully investigated the incident. The company has taken steps to “mitigate any potential harm” and protect against future breaches. This includes a review of its “policies, procedures, and safeguards to “ensure the security and integrity of electronic health information.”
Residents and employees potentially impacted by the breach have been mailed notices. HMG also published press releases and official statements on its website for those with insufficient or outdated contact information. However, the notice urges potential breach victims to take steps to protect themselves. For example, by monitoring their account statements and credit bureau reports.
HMG Healthcare is located in Woodlands, Texas. According to its website, it operates 37 nursing facilities across Texas and Kansas, with over 3,500 residents and 4,100 employees. Its notice lists 40 facilities implicated in the breach, including those run by affiliates.
This is another example in a worrying trend of hackers targeting healthcare facilities. We reported on a similar data breach involving HealthEC LLC just last week.
Please, comment on how to improve this article. Your feedback matters!