- BlackBit and LokiLocker Ransomware Attacks are on the Rise in Russia - August 17, 2023
- How Can Phishing be Used to Make Governmental Services a “Profitable Business”? - August 16, 2023
- The Most Dangerous Hacker Tools and How to Detect Them - August 16, 2023
HCA said on its web page that information provided contains “data used for email messages, such as notifications that patients may wish to schedule an appointment and education on healthcare programs and services.”
According to HCA, the information includes patient names, address information like city, state, and ZIP code, email addresses, phone numbers, dates of birth, gender, and information about upcoming appointments. It also contains patient service dates like locations.
No Clinical or Financial Information Was Exposed in the Leak
On the HCA Healthcare website, it lists 2,300 locations and 180 hospitals spread throughout more than a dozen states in the United States. HCA offers private healthcare services to citizens of the United Kingdom. On its page, HCA identified more than 1,000 impacted hospitals and sites spread over 20 states.
But it’s still unclear how the information got compromised and ended up on a cybercrime forum. On July 5, DataBreaches.net published the seller’s forum post, in which he claimed to have 27 million rows of data. Names, genders, and dates of birth are among the information HCA claims was stolen from some of the column headers in the stolen file.
The report claims that on July 4, the hacker contacted HCA. The healthcare behemoth was given “until the 10th” to comply, according to the hacker, although the demands were not made explicit in the forum post. HCA did not specify the time at which it learned of the data breach. Furthermore, it’s unclear how the data was collected.
According to the hospital network, the information was stolen from “an external storage location exclusively used to automate the formatting of email messages.” It’s unclear whether HCA or one of its suppliers manages or keeps up the external storage location. Furthermore, it is unknown if the business unintentionally revealed the external storage location or the hacker compromised it. Harlow Sumerford, a spokesman at HCA, declined to comment.