Healthcare Services Group, Inc. Data Breach: What You Need to Know

On August 25, 2025, Healthcare Services Group, Inc. (“HSG”) reported a major cybersecurity incident to the Maine Attorney General’s Office. 

The data breach, which occurred between September 27 and October 3, 2024, has impacted an estimated 624,496 individuals across the United States.

If you received a Notice of Data Breach letter from HSG, it means your personal information may have been compromised, and you may have legal options. Contact Morgan & Morgan for a free case evaluation to learn more.

What Happened With the HSG Data Breach?

According to reports, an unauthorized actor gained access to HSG’s computer systems in late September 2024. The company first detected the intrusion on October 7, 2024, and began working with third-party cybersecurity experts to investigate the scope of the incident. By June 3, 2025, HSG confirmed that sensitive data had been accessed and obtained.

HSG has since started notifying affected individuals and is offering complimentary credit monitoring and identity protection services.

What Information Was Involved?

The types of data that may have been exposed in the HSG data breach include:

• Full names
• Dates of birth
• Social Security numbers
• Driver’s license numbers
• Medical or healthcare-related information
• Financial account information

This combination of information, known as Personally Identifiable Information (PII) and Protected Health Information (PHI), is extremely valuable to identity thieves. Once in the wrong hands, it can be used to commit fraud, open unauthorized accounts, or even access medical services in your name.

The Implications of This Data Breach

HSG, headquartered in Bensalem, Pennsylvania, provides support services, such as dining, nutrition, laundry, and housekeeping, to more than 3,000 hospitals and healthcare facilities nationwide. With more than 45,000 employees, the company plays a significant role in the healthcare industry.

That makes the scale of this breach particularly troubling. Healthcare providers and companies that handle sensitive patient information are required under federal and state law to safeguard PHI. Failing to do so can expose consumers to long-term harm and may open companies up to legal consequences.

Steps You Can Take Now

If you received a notification letter, you should take action immediately:

1. Enroll in the free credit monitoring offered by HSG.
2. Place a fraud alert or consider a credit freeze with the major credit bureaus.
3. Monitor your bank accounts and medical records for unusual activity.
4. Report suspicious activity right away to your financial institution and healthcare provider.

California residents may also have additional rights under the California Consumer Privacy Act (CCPA), which provides stronger protections and avenues for recourse after a breach.

How Morgan & Morgan Can Help

At Morgan & Morgan, we believe companies that collect and store sensitive information have a duty to protect it. When they fail, victims of data breaches deserve answers and compensation for the risks and damages they face.

If you received a Notice of Data Breach letter from Healthcare Services Group, you may be entitled to financial relief. Our attorneys are already investigating this breach, and we want to help you understand your legal options.

Fill out our free, no-obligation case evaluation form. It costs nothing to hire us, and we only get paid if we win your case.