Texas-based care provider HMG Healthcare has confirmed a security breach resulting in unauthorized access to sensitive personal data of its residents and employees. The incident, which occurred in August, involved the compromise of unencrypted files stored on the company’s server. The stolen information is believed to include personal details such as names, dates of birth, contact information, Social Security numbers, medical records, and other health-related data.
Key Takeaway
HMG Healthcare, a Texas-based care provider, has reported a data breach resulting in unauthorized access to unencrypted personal information of its residents and employees, including sensitive medical records and health-related data. The extent of the breach’s impact is still being determined, and the company is taking measures to bolster its data security protocols in response to the incident.
Details of the Breach
HMG Healthcare, headquartered in The Woodlands, Texas, offers various services, including memory care, rehabilitation, and assisted living. The company, which employs over 4,100 individuals and serves approximately 3,500 patients, estimates an annual revenue of more than $150 million. The breach was brought to light in November, months after the unauthorized access occurred. Despite efforts to identify the specific data compromised, the company has conceded that such an identification is not feasible at this time.
Extent of the Impact
While the exact number of affected individuals has not been disclosed by HMG Healthcare, a filing with the Texas attorney general revealed that approximately 75,000 Texans were impacted by the breach. The total number of non-state residents affected remains unknown.
Response and Ongoing Measures
HMG Healthcare has taken steps to inform individuals with outdated contact information about the breach and has stated that it is working to enhance its data security protocols in the wake of the incident. The company has not disclosed the nature of the cyberattack, and it remains unclear whether a ransom was paid to the hackers.