Unencrypted medical records compromised in breach of Texas-based HMG Healthcare

Texas-based HMG Healthcare has suffered a data breach resulting in theft of personally identifiable information and medical records. The breach, first detected in November, had been ongoing since August. Unusually, HMG Healthcare has not followed standard breach responses such as hiring a third-party cyber security company, informing law enforcement and offering credit monitoring. Some have questioned whether the company’s delay in responding to the breach contravenes legal obligations under HIPAA regulations.