Healthcare Services Group discloses 'cybersecurity incident' in SEC filing

Laundry and dining provider still investigating cause and scope

Healthcare Services Group (HSG) has disclosed "unauthorized activity within some of its systems" in a Securities and Exchange Commission (SEC) filing.

The company, which provides housekeeping, laundry, and food and nutrition services to thousands of US healthcare facilities, said in a Form 8-K filing on Wednesday that it suffered a "cybersecurity incident" on October 9.

"The Company immediately activated its Cybersecurity Incident Response Process to investigate such activity with the assistance of leading third-party cybersecurity experts," the filing states. "The Company has also notified law enforcement authorities... [and] will continue to monitor the situation and take appropriate actions consistent with its response protocols."

Many of the usual details The Reg would expect to see from disclosures of this type aren't included in the filing, which is in part due to HSG's admission that it doesn't have all the facts of the case yet. The full nature of the incident and its scope are still being determined.

Regardless, NASDAQ-listed HSG says it does not anticipate the incident having a material impact on its finances or business operations.

HSG operates in 48 states, employs around 35,000 people, and serves around 5,000 accounts, with a large concentration of its business located in the Midwest and East Coast, close to its Pennsylvania headquarters.

The attack at HSG is the latest of many to hit US healthcare organizations this year. Just this week, yet another company adjacent to the healthcare industry announced a sizeable intrusion potentially affecting 400,000 people.

Like HSG, Gryphon Healthcare is not a healthcare organization, but provides essential services to facilities like revenue cycle and billing management tools. It said personal patient data such as names, diagnoses, medical record numbers, social security numbers, and more were stolen by cybercriminals.

Lawyers quickly spun into action, appealing for class representatives to join a potential class-action lawsuit against Gryphon.

Similar cases were made against Change Healthcare earlier this year thanks to its mega breach at the hands of ALPHV/BlackCat. It faces at least six class-action cases as a result. ®

More about

TIP US OFF

Send us news


Other stories you might like