HCA data breach: hacker stole information of 11M patients


HCA, a Nashville-based healthcare network of 180 hospitals and more than 2300 ambulatory sites in both the UK and the US, confirmed sensitive patient information was leaked during a recent cyber attack – and is now up for sale on the dark web.

HCA Healthcare, which encounters an estimated 37 million patients annually across both nations, announced the leak on its website on July 10th.

“HCA recently discovered that a list of certain information with respect to some of its patients was made available by an unknown and unauthorized party on an online forum,” the organization stated.

HCA stressed that the stolen data did not include any clinical or financial information.

“This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages,” the notice said.

The published patient data contains “information used for email messages, such as reminders that patients may wish to schedule an appointment and education on healthcare programs and services,” HCA stated.

"The investigation is ongoing and we cannot confirm the number of individuals whose information was impacted. HCA Healthcare believes that the list contains approximately 27 million rows of data that may include information for approximately 11 million HCA Healthcare patients."

Patient information that was exposed includes:

  • Patient name, city, state, and zip code;
  • Patient email, telephone number, date of birth, gender; and
  • Patient service date, location and next appointment date.

HCA said the leak did not include more sensitive information, such as:

  • Clinical information, such as treatment, diagnosis, or condition;
  • Payment information, such as credit card or account numbers;
  • Sensitive information, such as passwords, driver’s license or social security numbers.

Online hacker forums and criminal darknet markets, such as the resurrected BreachForums and the new Genesis replacement 2Easy, are teeming with users advertising to buy, sell and trade stolen data, as well as other hacker tools.

“We live in a world where data is everywhere and accessed from anywhere because of SaaS technology, and unfortunately, this type of breach has become far too common,” said Lior Yaari, CEO and co-founder of Israeli cybersecurity startup Grip Security.

The security incident has not caused any “disruption to the care and services” provided to patients and communities, or to its day-to-day business operations, HCA said in the notice.

The company said IT teams have “not identified evidence of malicious activity” on the HCA Healthcare networks or systems, and IT teams “disabled user access to the storage location as an immediate containment measure.”

“Based on the information known at this time, the company does not believe the incident will materially impact its business, operations, or financial results,” HCA said.

“To prevent this from happening again, companies should focus on getting a complete inventory of all of their SaaS and data locations,” said Yaari.

“Whatever they are using today is evidently insufficient, and unless something changes, history will continue to repeat itself,” she added.

While the investigation continues, HCA urged concerned individuals to visit its dedicated webpage created to provide ongoing information and updates.

HCA plans to contact any impacted patients to provide additional information and support, as well as any credit monitoring deemed necessary.

HCA was founded in 1968 and self-identifies as a learning health system model. Its ambulatory sites of care include surgery centers, freestanding ERs, urgent care centers, and physician clinics.