Unencrypted patient medical records and other personal data stolen from US healthcare firm

News
By published

HMG Healthcare lost customer data in major cyberattack in summer of 2023

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

HMG Healthcare, a premier Texas healthcare service provider, suffered a cyberattack last summer that resulted in the theft of sensitive customer data, leading to the possible risk of identity theft and other scams. 

The company confirmed the news in a notice published on its website signed by Chief Executive Officer & Managing Partner, Derek Prince which states it suffered a data breach in August 2023, but only became aware of it in November. 

During the attack, hackers stole unencrypted customer data sitting on the company’s servers, including names, dates of birth, contact information, general health information, information regarding medical treatment, social security numbers and/or employment records.

Who are the attackers?

The company tried to identify the specific data that was compromised, but later concluded that “such identification is not feasible”.

The breach was “fully” mitigated, and the hackers were ousted from the company’s endpoints, the letter confirmed. 

Unfortunately, there are many details missing from the breach notification letter. We reached out to HMG with more questions, and will update the article if we hear back from them. 

At press time, there was no information on who the attackers are, or whether or not this was a ransomware attack. Usually, hackers that steal data also encrypt the victim’s systems and demand payment in cryptocurrency in exchange for the decryption key. Also, they demand money not to release the stolen data on the internet. 

We also don’t know how many people were affected by the breach. According to the HMG website, the company has roughly 3,500 patients and 4,100 employees. If the hackers stole sensitive data of both current and former employees and customers, the number of affected individuals could be counted in tens of thousands, if not hundreds.

Finally, we asked HMG to clarify how the threat actors managed to breach the endpoints, if there were any malware, or social engineering involved. We also wanted to know if the company is planning on offering free identity and credit monitoring services to affected individuals. The type of data that was stolen is usually used in phishing and identity theft attacks. 

“While we believe that the breach has been mitigated, you can take steps to protect yourself or loved one by monitoring account statements, explanations of benefits, and credit bureau reports closely. You may also review the Additional Information provided below as a resource,” Prince’s letter concludes. 

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
healthcare
Top US health provider tells 882,000 patients they were hit in August 2023 breach
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
ransomware avast
The biggest addiction treatment provider in the US says it was hit by data breach
Lock on Laptop Screen
United Healthcare data breach may have affected 190 million Americans
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
Data breach
Top medical billing firm says data breach hit 360,000 users
Latest in Security
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak
A major Keenetic router data leak could put a million households at risk
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple routers hit by new critical severity remote command injection vulnerability, with no fix in sight
Code Skull
This dangerous new ransomware is hitting Windows, ARM, ESXi systems
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Latest in News
Open AI
OpenAI live stream - could we see a major ChatGPT upgrade?
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
More about security
cybersecurity

Chinese government hackers allegedly spent years undetected in foreign phone networks
Data leak

A major Keenetic router data leak could put a million households at risk
Philips Hue starter kit on blue background with white text reading 'TechRadar don't miss'

Philips Hue starter kits are making the days brighter in Amazon’s Spring Sale – now at a record-low price
See more latest
Most Popular
Open AI
OpenAI live stream - could we see a major ChatGPT upgrade?
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar has the world's first Bluetooth audio gateway in a wired gaming microphone
Four operators survey Verdansk. One holds a sniper rifle, one binoculars, another holds is landing with their parachute, while the last wears a skull mask
New Call of Duty: Warzone trailer shows a beautiful rebuilt Verdansk, but some fans want more: 'it won't be the same unfortunately'