Healthcare Services Group is notifying over 624,000 individuals that their personal information was stolen in a data breach.
The incident, the organization says, was identified on October 7, 2024, and involved unauthorized access to its systems between September 27, 2024, and October 3, 2024.
During the timeframe, the hackers copied certain files from the compromised machines, including files containing personal information.
The compromised data, Healthcare Services Group says, includes names, Social Security numbers, driver’s license numbers, state identification numbers, financial account details, and credentials.
The company notified the Maine Attorney General’s Office that 624,496 people were impacted by the data breach, and that it is providing them with 12 months of free credit monitoring and identity restoration services.
Immediately after discovering the incident, Healthcare Services Group secured its systems, implemented steps to mitigate risks associated with the incident, and notified law enforcement and relevant regulators.
The company says it has no evidence of identity theft or fraud as a result of the data breach, but advises the affected individuals to remain vigilant against such attacks.
The company initially disclosed the incident in an October 2024 filing with the US Securities and Exchange Commission (SEC), but neither that nor the new notice details the type of cyberattack it fell victim to.
No ransomware group has claimed responsibility for the incident.
Headquartered in Bensalem, Pennsylvania, Healthcare Services Group provides environmental, dining, and nutritional support services to more than 3,000 healthcare facilities across the US. The company has over 48,000 employees.
That’s why businesses must adopt proactive cybersecurity strategies that address:
- Password Security & Identity Management – Prevent unauthorized access to cloud tenants.
- Incident Response & Recovery – Rapid containment of breaches before damage escalates.
- Cybersecurity Solutions for Businesses & Individuals – Tailored protections for different risk levels.
- Security Audits & Vulnerability Assessments – Identifying weaknesses before attackers do.
- Managed Security Services – Continuous monitoring for suspicious activity.
- Penetration Testing – Simulating real-world intrusions to test resilience.
- Compliance & Regulatory Services – Ensuring adherence to frameworks like ISO, NDPR, and NIST.
- Cybersecurity Recruitment & Training – Building strong in-house expertise via our Cyber Protection Academy.
At CyberTech Nexus, we provide end-to-end cybersecurity services, from IT & Cybersecurity Consultancy to Incident Response, Managed Security, and Cyber Protection Training, to help organizations anticipate, prevent, and respond to such threats.