Healthcare Services Group Inc. (HSGI), a Pennsylvania-based provider of support services to U.S. healthcare facilities, said a data breach exposed the personal information of more than 624,000 individuals. The company said unauthorized access to its network was detected on Oct. 7, 2024, and that the intrusion began on Sept. 27, 2024, according to its notice.
The company said the intruders exfiltrated data from the systems they accessed. The breach notification states that an unauthorized actor may have accessed and copied certain files between Sept. 27 and Oct. 3, 2024, and that the company conducted an extensive review to determine who or what information was affected.
Notifications to affected individuals were issued on Aug. 25, 2025, after approximately ten months of review to determine the scope of the incident.
Data accessible to intruders varied by individual and may include full name, Social Security number, driver’s license number, state identification number, financial account information and account access credentials, according to the notification.
As a precaution, HSGI is offering 12- and 24-month credit monitoring and identity theft protection for those affected, depending on the severity of the disclosed data. The company advised recipients to be vigilant for phishing and other scam attempts and to report suspicious activity on banking accounts.
No evidence has been found of misuse of the stolen data to date, and as of this writing, no ransomware group has claimed responsibility for the breach.
Additional context: HSGI is a publicly traded firm with roughly $1.7 billion in annual revenue, and its services support thousands of healthcare facilities nationwide, underscoring the potential impact on operations across the sector.