Healthcare Services Group is notifying over 624,000 individuals that their personal information was stolen in a data breach.
The incident, the organization says, was identified on October 7, 2024, and involved unauthorized access to its systems between September 27, 2024, and October 3, 2024.
During the timeframe, the hackers copied certain files from the compromised machines, including files containing personal information.
The compromised data, Healthcare Services Group says, includes names, Social Security numbers, driver’s license numbers, state identification numbers, financial account details, and credentials.
The company notified the Maine Attorney General’s Office that 624,496 people were impacted by the data breach, and that it is providing them with 12 months of free credit monitoring and identity restoration services.
Immediately after discovering the incident, Healthcare Services Group secured its systems, implemented steps to mitigate risks associated with the incident, and notified law enforcement and relevant regulators.
The company says it has no evidence of identity theft or fraud as a result of the data breach, but advises the affected individuals to remain vigilant against such attacks.
The company initially disclosed the incident in an October 2024 filing with the US Securities and Exchange Commission (SEC), but neither that nor the new notice details the type of cyberattack it fell victim to.
SecurityWeek has not seen any known ransomware groups claiming responsibility for the incident.
Headquartered in Bensalem, Pennsylvania, Healthcare Services Group provides environmental, dining, and nutritional support services to more than 3,000 healthcare facilities across the US. The company has over 48,000 employees.
Related: Hundreds of Thousands Affected by Auchan Data Breach
Related: Chip Programming Firm Data I/O Hit by Ransomware
Related: Cyberattack Disrupts Unemployment Benefits in Some States
Related: Arch Linux Project Responding to Week-Long DDoS Attack
