HCA Healthcare Suffers Data Breach

The theft appears to have stemmed from an external storage location.

By HFT Staff


HCA Healthcare, Inc. recently discovered that a list of certain information with respect to some of its patients was made available by an unknown and unauthorized party on an online forum. The list includes: 

  • Patient name, city, state, and zip code; 
  • Patient email, telephone number, date of birth, gender; and 
  • Patient service date, location and next appointment date. 

HCA Healthcare has confirmed that the list contains information used for email messages, such as reminders that patients may wish to schedule an appointment and education on healthcare programs and services. 

Importantly, the list does not include: 

  • Clinical information, such as treatment, diagnosis, or condition; 
  • Payment information, such as credit card or account numbers; 
  • Sensitive information, such as passwords, driver’s license or social security numbers. 

This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages. There has been no disruption to the care and services HCA Healthcare provides to patients and communities. This incident has not caused any disruption to the day-to-day operations of HCA Healthcare. Based on the information known at this time, the company does not believe the incident will materially impact its business, operations or financial results. 

HCA Healthcare reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. While the investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident. The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate. 



July 18, 2023


Topic Area: Information Technology , Safety , Security


Recent Posts

Seeking Standards for Microbial Loads in Healthcare Facilities

Why is there no binding standard for the acceptable microbial load on surfaces or in the air in hospitals?


UCR Health Unveils Plans for Major Expansion

The vision for the site will include an outpatient diagnostic center and possible future expansion.


High-Performance Windows Support Safety at UW Medicine's New Behavioral Health Center

Case study: Engineered for strength, quiet and daylight, the chosen windows help create a safe, calming and energy-efficient environment for patients and providers.


Central Maine Healthcare Dealing with IT System Outage

The organization identified unusual activity within their computer software, prompting them to secure and shut off all IT systems.


Kaiser Permanente Opens Newly Expanded Everett Medical Center

The facility offers primary care and pediatric care and has specialty care departments.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.