Subscribe To Our Newsletter

This field is for validation purposes and should be left unchanged.

Healthcare Services Group Agrees to $3 Million Class Action Settlement Following September 2024 Data Breach

Healthcare Services Group (HCSG) has agreed to a $3 million class action settlement resolving allegations that the dining and housekeeping provider failed to protect the personal and financial data of over 624,000 individuals during a massive September 2024 cyberattack. If you received a breach notice, you have until October 1, 2026, to file a claim.

large-field-of-ripe-wheat-under-the-open-sky-on-a-2025-02-12-05-09-11-utc 1

Healthcare Services Group, Inc., a Pennsylvania-based company that provides housekeeping, laundry, and dining services for long-term care facilities and hospitals, has established a $3,000,000 common fund to settle litigation. The class action lawsuit, Williamson et al. v. Healthcare Services Group, Inc., was filed in the U.S. District Court for the Eastern District of Pennsylvania.

This multi-million dollar agreement covers all living United States residents who received a notice from HCSG regarding potential impacts from the data breach, or whose private information was otherwise determined to have been affected by the security incident. By establishing this fund, HCSG aims to resolve the litigation and provide direct benefits to affected individuals.

While the company has denied the allegations of negligence and maintains that it did not engage in any illegal actions, it opted for a settlement to prevent the escalating expenses and prolonged distractions of a court trial. For everyday people who were left vulnerable after this security failure, this deal offers a vital path toward recovering financial losses and protecting their credit.

How the September 2024 Network Cyberattack Unfolded

The incident at the center of this class action lawsuit occurred during the autumn of 2024. According to regulatory filings with state authorities, including the Maine Attorney General, HCSG first detected unauthorized activity within its internal networks on October 7, 2024.

The company launched an immediate investigation with the help of external cybersecurity firms to discover the scope of the threat. The forensic investigation revealed that an unauthorized hacker managed to bypass the company’s internal digital defenses and copy files containing sensitive data between September 27, 2024, and October 3, 2024.

Despite discovering the intrusion in October 2024, HCSG did not finish identifying all the impacted individuals and begin mailing out official data breach notice letters until August 2025. This delay left hundreds of thousands of people in the dark, unaware that their highly sensitive personal files had been compromised. In total, the company disclosed that at least 624,496 individuals had their personal information exposed during the multi-day network breach.

What Sensitive Employee Data Was Compromised in the Hack?

When cybercriminals breach a corporate network, they are typically searching for data they can exploit for financial gain. The information exposed during the HCSG breach represents some of the most sensitive personal identifiers a person can possess.

According to court records, the compromised files included full names, Social Security numbers (SSNs), driver’s license numbers, and state identification numbers. Additionally, the hackers accessed financial account details, full account access credentials, and medical or health insurance information.

Having this specific combination of personal data exposed poses a serious risk to your financial safety. Unlike a stolen credit card, which you can quickly cancel, a Social Security number or driver’s license cannot be easily changed. Cybercriminals use these permanent identifiers to open fraudulent credit cards, apply for loans, file false tax returns, and even commit medical identity theft in your name. Once this data is leaked onto the dark web, it can be sold to bad actors repeatedly, presenting a long-term threat to your financial security.

The Allegations of Corporate Negligence Facing Healthcare Services Group

The class action lawsuit argued that HCSG fell short of its legal obligations to safeguard the highly private records of its current and former employees. Plaintiffs in the lawsuit asserted that the company failed to implement reasonable, industry-standard cybersecurity measures to protect its internal network.

According to the legal complaint, the company breached its contractual obligations to its staff by failing to maintain safe and secure databases. Plaintiffs also brought claims under several state laws, including the Washington Consumer Protection Act and the New Jersey Consumer Fraud Act, alleging that the firm was unjustly enriched by benefiting financially while failing to invest in adequate security protocols.

Under modern consumer protection frameworks, organizations that collect and store personal data have a strict duty of care. They are expected to encrypt sensitive databases, regularly test their networks for vulnerabilities, and promptly notify individuals when a breach occurs. When an organization fails to maintain updated security infrastructure, courts can hold them legally and financially liable for the resulting fallout.

What Financial Benefits Can Affected Class Members Receive?

The $3 million settlement received preliminary court approval on June 3, 2026, and provides several options for affected individuals to secure compensation and protection:

  • Documented Loss Reimbursement: You may be eligible to claim up to $5,000 for documented financial losses directly tied to the data breach. This benefit covers unreimbursed identity theft or fraud losses, bank fees, the cost of credit monitoring services you purchased, long-distance phone charges, postage, and mileage. To receive this payout, you must submit supporting proof, such as bank statements or receipts.

  • Pro Rata Cash Payment: Even if you did not experience direct identity theft, you can submit a claim to receive an alternative cash payment with no proof of loss required. The final amount of this payment will depend on how many valid claims are ultimately filed.

  • Free Credit Monitoring: All class members can submit a claim to receive three years of complimentary, single-bureau credit monitoring. This package includes dark web monitoring, identity theft insurance, and identity recovery services.

How to File Your Claim Online Before the October Deadline

If you are an eligible class member, you must take active steps to claim your cash benefits or credit monitoring. The court-appointed settlement administrator has established a dedicated web portal at HealthcareServicesGroupSettlement.com to handle the claims process.

If you received an official data breach notice in the mail or via email, look for your unique Class Member ID. You will need to enter this ID on the online form to quickly verify your eligibility. If you did not receive a notice but believe your data was affected, you can submit a registration form through the website to check your status.

Alternatively, you can download a paper PDF claim form from the site, fill it out, and return it by mail to the administrator. The absolute deadline to submit your claim form online or have it postmarked by mail is October 1, 2026. The court will hold a final approval hearing on September 24, 2026, to decide whether to formally approve the $3 million agreement.

Subscribe To Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This field is for validation purposes and should be left unchanged.
The Time for Action is Now!
Mass Arbitrations
Active Data Breaches
Date of Breach: Not Specified
Date of Breach: July 13, 2026
Date of Breach: July 2, 2026
Latest News