HMG Healthcare breach exposes data of multiple facilities

In August 2023, hackers unlawfully accessed a server at the Texas healthcare organization, HMG Healthcare, LLC, leading to a significant data breach. 

What happened 

The breach compromised unencrypted files containing residents' and employees' sensitive personal and medical information, including names, dates of birth, contact information, health and medical treatment details, Social Security numbers, and employment records. HMG discovered this breach in November 2023 and took action to investigate and bolster its data security measures. On January 8, 2024, HMG notified the Texas Attorney General about the breach and began informing affected individuals. 

Going deeper 

The HMG Healthcare data breach affected a wide range of facilities due to the interconnected nature of its network and centralized data storage practices. As a healthcare provider with multiple locations, including nursing and rehabilitation centers, retirement communities, and assisted living facilities, HMG likely maintained a unified electronic health record (EHR) system or a connected network of servers to store and manage patient and employee information. There are over thirty companies affected, with the data impacted possibly including: 

• Names
• Dates of birth
• Contact information
• General health information
• Medical treatment information
• Social security numbers
• Employment records
• Financial information (including account numbers, credit or debit card numbers)
• Health insurance information

What was said

In their recent privacy update Chief Executive Officer & Managing Partner, Derek Prince stated: “We have reviewed our policies and procedures regarding safeguards to ensure the security and integrity of electronic health information and have increased our data security protocols. While we believe that the breach has been mitigated, you can take steps to protect yourself or loved one by monitoring account statements, explanations of benefits, and credit bureau reports closely…We sincerely apologize for any inconvenience and concern this incident causes you. “ 

See also: HIPAA Compliant Email: The Definitive Guide

The bottom line

The HMG Healthcare data breach is a significant event in the growing concern over healthcare data security, as reflected in recent news articles from Paubox and other sources. As it undergoes digital transformation, the healthcare industry becomes increasingly vulnerable to cyberattacks. Recent hacking incidents like the Transformative Healthcare breach reveal the scope of individuals that can be impacted and the role of healthcare organizations in taking preemptive measures. 

See also: How to respond to a data breach