Healthcare Services Group yesterday confirmed it notified 624,496 people of an October 2024 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Government-issued ID number (driver’s license, passport, etc)
- Bank account numbers
- Credit and debit card numbers
- Medical info
- Health insurance info
Ransomware gang Underground took credit for the breach on October 25, 2024, saying it stole 1.1 TB of data from Healthcare Services Group. Underground says it stole confidential legal and financial documents, employees’ Social Security numbers, stockholder documentation, tax documents, invoices, payroll, and other employee info.
Healthcare Services Group has not verified Underground’s claim. We do not know if Healthcare Services Group paid a ransom, how much Underground demanded, or how attackers breached HCSG’s network. Comparitech contacted Healthcare Services Group for comment and will update this article if it replies.
“On October 7, 2024, we learned of potential unauthorized access to certain HSGI computer systems,” HCSG says in its notice (PDF) to victims. “The investigation determined that an unauthorized actor may have accessed and copied certain files on our computer systems between September 27, 2024, and October 3, 2024.”
HCSG is offering eligible victims free identity restoration assistance through Experian.
An 8-K SEC report filed shortly after the attack occurred states, “As of the date of this filing, the incident has not caused, and is not expected to cause, disruption of the Company’s business operations. And although the full nature and scope of the incident is not yet known, the Company does not believe it will have a material effect on its financial condition or results of operations.”
The company’s 2024 annual report (PDF) reiterated the attack did not disrupt business operations.
That report also mentions the company is investing in AI that might create additional risk. “We are evaluating use cases to implement generative artificial intelligence (“Gen AI”) technologies into our business processes, which may present additional risks to our business,” it says.
Who is Underground?
Underground is a ransomware group formed in mid-2023 that locks down Windows computers and steals data. It then demands a ransom to restore systems and to not sell or release the data.
Underground has claimed responsibility for nine confirmed ransomware attacks, most of which hit construction and manufacturing companies. It made another 15 unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.
Earlier this year, Taiwanese manufacturer Sheng Yu Steel reported a data breach claimed by Underground, which said it stole 354 GB of data.
Ransomware attacks on healthcare businesses
In 2024, Comparitech researchers logged 30 attacks on healthcare businesses that do not provide direct care to patients, compromising more than 196 million records. Most of those records stemmed from an attack on Change Healthcare in February 2024. This attack on HCSG is the fourth-largest by number of records compromised.
The other two biggest ransomware breaches were:
- Censora notified 1.43 million people of a February 2024 breach claimed by DarkAngels. Cencora paid $75 million in ransom, which was half of DarkAngel’s original demand.
- Numotion notified 700,000 people of a February 2024 data breach claimed by Black Basta
In 2025 to date, we’ve logged 10 confirmed ransomware attacks on non-direct care healthcare businesses, compromising 5.5 million records. Most of those came from a breach at Episource, which notified 5.4 million people of a January 2025 ransomware attack.
Ransomware attacks on healthcare providers can cripple critical systems and endanger the health, privacy, and security of patients. Targeted companies must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About Healthcare Services Group
Headquartered in Bensalem, PA, Healthcare Services group manages housekeeping, laundry, dining, and nutritional services at hospitals. It operates at 3,000 facilities in 48 states and employs 35,000 people, according to HCSG’s website.
