Class Action U Logo
Check Your Eligibility

Health Management Systems of America Data Breach

Health Management Systems of America (HMSA) has notified individuals about a security incident involving unauthorized access to a single email account containing personal and protected health information. The breach occurred due to a spear phishing attack, and affected individuals will be notified by mail. HMSA is working with an IT security firm and has reported the incident to the Department of Health and Human Services. Find out what steps you can take to protect your information.

Health Management Systems of America
Date of Breach: December 9, 2024
CAU logo

Who was affected:

Clients of Health Management Systems of America

Impacted Data:

Personal health information (PHI)

Protected health information (PHI)

Email content, potentially containing sensitive personal data

Check Your Eligibility

Health Management Systems of America (HMSA) recently notified the public of a security incident involving unauthorized access to a single email account that contained personal and protected health information. As part of an ongoing investigation, HMSA has provided details of the breach and steps individuals should take to protect themselves.

Health Management Systems of America’s Data Breach Investigation

On December 9, 2024, Health Management Systems of America (HMSA) became aware of suspicious activity regarding a single email account. The incident was caused by a spear phishing campaign, which led to unauthorized access of the account. The breach was subsequently investigated by an IT security firm to determine the extent of the damage. Upon investigation, it was revealed that the unauthorized actor gained access to certain emails, which contained sensitive personal and protected health information.

HMSA quickly took action by notifying the Department of Health and Human Services and retained legal and data review teams to determine the specific information involved. They are in the process of identifying the affected individuals and will send them notification letters via U.S. mail. This data breach was limited to one email account, and while there has been no confirmed identity fraud or financial harm to affected individuals, HMSA has urged individuals to remain vigilant.

As the investigation continues, HMSA may update their statements to provide additional details or changes about the breach. Their priority is to ensure that affected individuals are informed and receive the necessary protection and support. The company has provided guidance to individuals on what steps they can take to protect themselves from any potential fallout from the breach.

When Did This Breach Occur?

The security incident was discovered on December 9, 2024, after HMSA detected unauthorized activity in one of their email accounts.

What Information Was Breached?

While the investigation is still ongoing, it has been confirmed that the following information was potentially compromised due to the breach:

  • Personal health information (PHI)

  • Protected health information (PHI)

  • Email content, potentially containing sensitive personal data

The full extent of the data involved is still being reviewed. HMSA has committed to updating affected individuals once more information becomes available.

What You Can Do

If you believe you may have been affected by this breach, there are several steps you can take to protect your information:

  • Monitor your accounts: Regularly check your financial statements, credit reports, and health insurance records for any suspicious activity.

  • Place a fraud alert: Consider placing a fraud alert on your credit report with one of the major credit bureaus to prevent identity theft.

  • Use strong, unique passwords: Avoid using the same password across multiple accounts. Implement multifactor authentication (MFA) wherever possible for added security.

  • Report suspicious activity: If you notice any unusual activity, immediately report it to the relevant financial institution, health insurer, or company.

  • Stay vigilant against phishing attempts: Be cautious of emails or messages asking for personal information, especially if they seem out of the ordinary or come from unknown sources.

HMSA has also provided a resource for ordering free annual credit reports through the Federal Trade Commission’s website to monitor any potential misuse of your information.

File a Data Breach Lawsuit Against Health Management Systems of America

If you’ve received a data breach notification from Health Management Systems of America (HMSA), you may be eligible to join a class action lawsuit seeking compensation. Affected individuals are encouraged to take legal action to hold HMSA accountable for their failure to protect sensitive data.

At Class Action U, we provide resources and support to help individuals impacted by data breaches navigate the legal process. If you were affected by the HMSA breach, we can connect you with a qualified attorney to discuss your case and potential compensation.

Contact us today for a free consultation to learn about your legal options and how you can join the fight for justice. Your voice matters, and together, we can hold companies accountable for their negligence.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
Other Data Breaches
Garten Services Data Breach
Date of Breach: December 4, 2025
Mission Neighborhood Health Center Data Breach
Date of Breach: December 19, 2025
Soapy Joe’s Car Wash Data Breach
Date of Breach: October 6, 2025, to December 19, 2025
Show More

Frequently Asked Questions

A data breach occurs when sensitive, confidential, or protected information is accessed, stolen, or disclosed without authorization. Data breaches often occur through phishing emails, malware, weak passwords, insider threats, or unsecured databases. Indicators of a data breach can include unexpected password resets, suspicious account activity, unauthorized transactions, or notifications from companies about compromised information.If you suspect your data has been compromised, you must take measures and act quickly. Change passwords, enable two-factor authentication, review your financial accounts for unusual activity and consider freezing your credit.

Once stolen, your personal information may be sold on the dark web or used for identity theft and financial fraud. In some cases, hackers use the data to extort companies or launch further attacks. Victims often face long-term risks, including damage to credit and privacy.

If you receive a data breach notification, don’t ignore it. Immediately change passwords for the affected account and any others that share credentials. Enroll in any free credit monitoring services offered and monitor financial statements closely.

To pursue a data breach claim, you’ll need documentation showing your information was compromised and proof of resulting harm, such as fraudulent charges, credit score damage, or identity theft reports. Notification letters, financial records, and communication with the breached company can help support your claim.

Yes. If a company fails to protect consumer data or delays notifying victims, it may be held liable under state and federal privacy laws. Many victims join class action lawsuits to recover financial losses and hold negligent organizations accountable.

Data breach settlements vary widely depending on the size of the breach, type of data compromised, and damages suffered by victims. Payouts may include cash compensation, identity theft protection, or reimbursement for losses. Many settlements range from a few hundred to several thousand dollars per person. A skilled data breach lawyer can guide victims through the complex legal process, ensuring their rights are protected. If you’ve received a data breach notification or believe your personal data was exposed, you may be eligible for compensation. Contact Class Action U to learn more about how to join a data breach lawsuit and understand the process of filing.