Strauss Borrelli PLLC, a leading data breach law firm, is investigating Health Management Systems of America (“HMSA”) regarding its recent data breach. The HMSA data breach involved sensitive personal information and protected health information belonging to an undetermined number of individuals.
ABOUT HEALTH MANAGEMENT SYSTEMS OF AMERICA:
HMSA is a behavioral health care and social services organization based in Michigan. Founded in 1980, HMSA provides a range of employee assistance and wellness programs to managers, employees, and families, such as counseling and referral services for personal, job, and family issues varying from alcohol/substance abuse to family issues, financial and legal problems, behavioral problems, physical and emotional illness, and more.2,3,4 Organizations that HMSA works with include local communities, school systems, Fortune 500 corporations, government agencies, universities, and hospital systems.4 Headquartered in Detroit, Michigan, HMSA employs over 10 individuals and works with a network of over 13,000 behavioral specialists in over 3,000 cities throughout the Continental United States, Alaska, Hawaii, and Puerto Rico.3
WHAT HAPPENED?
Recently, HMSA announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice shared on its website, on December 9, 2024, HMSA became aware of unauthorized activity concerning a single email account as a result of a spear phishing campaign.1 As a result, HMSA launched an investigation to determine the nature of the incident.
Through its ongoing investigation, HMSA has confirmed that sensitive personal information and protected health information in the emails may have been accessed and acquired by an unauthorized third party during the breach. As a result, HMSA began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. The data accessed in the HMSA breach includes personal and protected health information. However, as of December 16, 2025, the exact type of personal information potentially exposed has not been made publicly available by HMSA.
As a result of the breach, HMSA posted notice of the breach on its website. Based on the website breach notice, HMSA will be providing affected individuals with a list of the specific types of sensitive information impacted. A link to the website breach notice is below.
If you believe you have been affected by the Health Management Systems of America breach:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
