- HCA Healthcare disclosed a data breach exposing personal information of approximately 11 million patients after the data was accessed and posted online by an unauthorized party.
- The exposed patient information included names, contact details, locations, birth dates, and appointment data, but did not include medical, financial, or sensitive records according to HCA.
NASHVILLE, Tenn. (July 15, 2023) – HCA Healthcare recently discovered that personal information belonging to approximately 11 million patients was accessed and posted on an online forum by an unknown unauthorized party.
According to the company, the exposed information included patient names, locations, phone numbers, email addresses, birth dates, appointment details, and service records. More sensitive information like medical records, social security numbers, and financial data were not part of the breach.
HCA said the breach resulted from a theft of data from an external storage system used for formatting patient email communications such as appointment reminders and health program info.
The company reported the incident to law enforcement and hired forensic experts to investigate. HCA said they have found no evidence that internal systems or networks were impacted. They immediately disabled access to the compromised storage system as a containment measure.
While healthcare operations have not been disrupted, HCA stated they will be contacting impacted patients and offering credit monitoring services as appropriate.
HCA operates 186 hospitals and approximately 2,000 sites of care across 20 states. The large exposure of patient data has raised concerns about privacy practices at one of the nation’s leading healthcare providers.
“We believe the privacy of our patients is vital to our mission and remains a top priority,” said HCA in a statement. The company set up a website at hcahealthcare.com/privacyupdate to provide updates.