Cavalier data security at HMG Healthcare enabled hackers to steal employee and resident data from 40 affiliated nursing facilities.
A class action lawsuit was recently filed against HMG Healthcare, LLC, a Texas-based healthcare services provider, after announcing that the protected health information of up to 80,000 individuals was exposed and potentially stolen in a cyberattack that was detected in November 2023.
The lawsuit claims HMG failed to take “even the most basic steps” to protect the highly sensitive data in its care, which was allegedly stored unencrypted and unredacted in its computer systems. According to the claim, “The Data Breach was the inevitable result of HMG’s inadequate data security measures and cavalier approach to data security,” adding that its failure to properly monitor its network “[left] the door open” for cybercriminals to steal data for months without detection.
The exact nature of the attack was not disclosed.
Who Was Affected By The Breach?
According to a notice posted on HMG’s website, the healthcare service provider discovered in November 2023 that unauthorized access to its server had compromised personal and health information belonging to residents and employees at 40 HMG-affiliated nursing facilities in Texas and Kansas.
Locations include –
- Accel at College Station
- Arbor Court Retirement Community at Alvamar (Independent Living)
- Arbor Court Retirement Community at Salina (Independent Living)
- Arbor Court Retirement Community at Topeka (Independent Living)
- Arbrook Plaza
- Cimarron Place Health & Rehabilitation Center
- Crowley Nursing and Rehabilitation
- Deerbrook Skilled Nursing & Rehab
- Forum Parkway Health & Rehabilitation
- Friendship Haven Healthcare & Rehab Center
- Green Oaks Nursing and Rehabilitation
- Gulf Pointe Plaza
- Gulf Pointe Village (Assisted Living Only)
- Harbor Lakes Nursing and Rehabilitation Center
- Hewitt Nursing and Rehabilitation
- Holland Lake Rehabilitation and Wellness Center
- Lone Star Rehabilitation and Wellness Center
- Methodist Transitional Care Center
- Mission Nursing and Rehabilitation Center
- Northgate Plaza (Legacy)
- Park Manor of BeeCave (Legacy)
- Park Manor of Conroe
- Park Manor of CyFair
- Park Manor of Cypress Station
- Park Manor of Humble
- Park Manor of Mckinney (Legacy)
- Park Manor of Quail Valley
- Park Manor of South Belt
- Park Manor of The Woodlands
- Park Manor of Tomball
- Park Manor of Westchase
- Pecan Bayou Nursing and Rehabilitation
- Red Oak Health and Rehabilitation Center
- Silver Spring Health & Rehabilitation Center
- Smoky Hill Health and Rehabilitation
- Stallings Court Nursing and Rehabilitation
- Stonegate Nursing and Rehabilitation
- Tanglewood Health and Rehabilitation
- Treviso Transitional Care
- Willowbrook Nursing Center
HMG Does Little To Assist Victims Impacted By Data Breach.
Plaintiffs claim that they are now at significantly increased risk for idenity theft and fraud as a resut of HMG’s negligence. To make matters worse, HMG has done little to remedy the damage it has caused, the complaint alleges.
The substitute breach notice on the HMG Healthcare website advises the affected individuals to monitor their account statements and credit reports to identify any suspicious activity but makes no mention of credit monitoring and identity theft protection services being offered. HMG Healthcare said it has increased its data security protocols to prevent similar cyberattacks and data breaches in the future.
“HMG failed to offer any meaningful assistance to consumers to help deal with the fraud that has and will continue to result from the Data Breach,” the filing says. “In contrast to what has been frequently made available to consumers in other data breaches, HMG has not offered or provided any fraud insurance or basic identity monitoring services.”
Join the HMG Healthcare Data Breach Class Action
The consequences of the data breach extend beyond the immediate financial and emotional toll on individuals. The incident has also sparked a broader conversation about the need for enhanced cybersecurity measures in the healthcare sector. With the increasing digitization of medical records and the growing reliance on data-driven technologies, the industry faces heightened scrutiny regarding its ability to protect patient information.
If your personal information was impacted by this incident, you may be at risk of identity theft, a broad range of fraud, and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to HMG Healthcares’ cybersecurity practices.
If you received notification of this data breach from HMG Healthcare and wish to obtain additional information about how to protect your identity or learn of your legal rights, please complete the below form and a data breach lawyer will contact your. There is no cost to you.