Texas-based care supplier HMG Healthcare says hackers stole unencrypted affected person information – Cyber Tech

Texas-based care supplier HMG Healthcare has confirmed that hackers accessed the non-public information of residents and workers, however says it has been unable to find out what sorts of information have been stolen.

HMG Healthcare is headquartered in The Woodlands, Texas, and gives a variety of providers, together with reminiscence care, rehabilitation and assisted dwelling. HMG’s web site says it employs greater than 4,100 individuals and serves roughly 3,500 sufferers, producing greater than $150 million in annual revenues.

In a discover printed on its web site, HMG chief govt Derek Prince confirmed that hackers in August accessed a server storing “unencrypted information” containing delicate data belonging to sufferers, workers, and their dependents. HMG mentioned it discovered of the breach months later in November.

HMG mentioned the stolen data “possible contained” private data, together with names, dates of delivery, contact data, Social Safety numbers and information associated to employment; in addition to medical information, basic well being data and knowledge concerning medical remedy, in response to the discover. HMG additionally mentioned that the discover has been printed with a view to inform “people for whom HMG has inadequate or out-of-date contact data” concerning the incident, suggesting historic affected person information might have been impacted.

Nonetheless, HMG admits that whereas it tried to establish the precise information that was compromised, “we’ve got now decided that such identification shouldn’t be possible.”

It’s not but recognized why HMG couldn’t decide the sorts of information stolen, and an organization spokesperson didn’t reply to TechCrunch’s questions.

HMG didn’t say in its discover what number of people are considered affected by the breach. Nonetheless, a submitting with the Texas legal professional basic submitted by HMG on Monday confirms that roughly 75,000 Texans have been impacted by the breach; although it’s not recognized what number of non-state residents are affected.

HMG didn’t describe the character of the cyberattack, however famous that “HMG labored diligently to make sure that the stolen information weren’t additional shared by the hackers to different sources.” It’s not unusual for company victims of ransomware assaults to pay hackers a ransom demand in an effort to restrict the unfold of stolen information, regardless of having no ensures that the hackers would hold their finish of the deal.

TechCrunch requested HMG if it had paid a ransom to the hackers.

Per HMG’s information breach discover, the healthcare supplier additionally has quite a lot of amenities in Kansas — together with Tanglewood Well being and Rehabilitation, and Smoky Hill Well being and Rehabilitation — that have been affected by the info breach.

HMG CEO Prince famous that the group has “elevated its information safety protocols” in mild of the incident, however didn’t specify what extra safety steps have been taken.