July 11, 2023 :xData on roughly 11 million HCA Healthcare patients in 20 states, including Florida, was stolen and recently posted on an online forum, the hospital chain reported on Sunday.
According to the company, an unauthorized party accessed 27 million rows of data stored at an external location, automating company email messages. According to the company’s statement, the compromised data included the patient’s name, city, state, zip code, date of birth, telephone numbers, along with email addresses.
HCA officials stressed that the breach did not contain more sensitive information like credit card or account numbers, passwords, driver’s licenses, or Social Security numbers. Nor does it include sensitive medical information such as diagnoses, although it does include dates and locations of appointments. The release does not provide information on what forum the data was posted.
The for-profit hospital chain, which operates 180 hospitals and approximately 2,300 other health facilities, said it had reported the incident to law enforcement and hired third-party forensic and threat intelligence advisors.
“While our investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident,” the company said in a news release.
HCA plans to contact any impacted patients to offer additional information and support and offer credit monitoring and identity protection services, where appropriate. It recommends that patients remain vigilant in identifying phone calls, emails, or text messages that appear to be spam or fraudulent. It also emphasized that patients should only open links or attachments from trusted sources.
Patients who are unsure about whether a message is legitimate should call HCA at (844) 608-1803.