• Thu. Oct 12th, 2023

Personal Data of 11M Patients Was Compromised – HCA Healthcare

Avatar photo

ByEsme Greene

Aug 4, 2023
11M Patients' Data Breach - HCA Healthcare
Esme Greene
Latest posts by Esme Greene (see all)

HCA said on its web page that information provided contains “data used for email messages, such as notifications that patients may wish to schedule an appointment and education on healthcare programs and services.”

According to HCA, the information includes patient names, address information like city, state, and ZIP code, email addresses, phone numbers, dates of birth, gender, and information about upcoming appointments. It also contains patient service dates like locations.

No Clinical or Financial Information Was Exposed in the Leak

On the HCA Healthcare website, it lists 2,300 locations and 180 hospitals spread throughout more than a dozen states in the United States. HCA offers private healthcare services to citizens of the United Kingdom. On its page, HCA identified more than 1,000 impacted hospitals and sites spread over 20 states.

But it’s still unclear how the information got compromised and ended up on a cybercrime forum. On July 5, DataBreaches.net published the seller’s forum post, in which he claimed to have 27 million rows of data. Names, genders, and dates of birth are among the information HCA claims was stolen from some of the column headers in the stolen file.

The report claims that on July 4, the hacker contacted HCA. The healthcare behemoth was given “until the 10th” to comply, according to the hacker, although the demands were not made explicit in the forum post. HCA did not specify the time at which it learned of the data breach. Furthermore, it’s unclear how the data was collected. 

According to the hospital network, the information was stolen from “an external storage location exclusively used to automate the formatting of email messages.” It’s unclear whether HCA or one of its suppliers manages or keeps up the external storage location. Furthermore, it is unknown if the business unintentionally revealed the external storage location or the hacker compromised it. Harlow Sumerford, a spokesman at HCA, declined to comment.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.