HCA Healthcare Data Breach May Affect 11 Million Patients
By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law
On July 11, 2023, HCA Healthcare, which operates 180 hospitals in the U.S. and Britain, said a hacker may have stolen the personal data of about 11 million patients in a data breach. A press release warned patients that critical personal information had been compromised, including their full name, city, and when and where they last saw a healthcare provider.
What Happened to the Patient Data?
Data samples, including addresses, phone numbers, e-mails, and birth dates, were posted to DataBreaches.net (an online forum popular with cyber crooks) by a hacker trying to sell them. However, after publication, an HCA spokesperson told CNBC that the sample data set published was only a “marketing campaign” (or fake data) and was not an individual patient’s real medical assessment.
Who is Affected?
The hack affects patients in nearly two dozen states, including those from dozens of Florida and Texas facilities. The data also included information on scheduled appointments and the medical departments involved. The hacker also dumped a file online in what appeared to be a failed attempt to extort HCA. It included nearly one million records from the company’s San Antonio division.
Patient data breaches are not uncommon, but they can vary in scope and effect. HCA’s breach did not include critical medical records. The company said that the breached data originated at an external storage location exclusively used to automate the formatting of e-mail messages.
HCA Healthcare will offer credit monitoring and identity protection services for patients who have been impacted. But in the meantime, the company is encouraging everyone to look out for spam calls, texts, or e-mails, targeting them for fraud and scams.
For more information on this topic, read one of my prior blogs.
Contact Health Law Attorneys Experienced in Representing Health Care Professionals and Providers.
At the Health Law Firm, we provide legal services for all healthcare providers and professionals. This includes physicians, nurses, dentists, psychologists, psychiatrists, mental health counselors, home health agencies, hospitals, ambulatory surgical centers, social workers, assisted living facilities, and other healthcare providers. It includes resident physicians and fellows, medical students, medical school professors, and clinical staff. We represent health facilities, individuals, groups, and institutions in contracts, sales, mergers, and acquisitions. The lawyers of The Health Law Firm are experienced in complex litigation and both formal and informal administrative hearings. We also represent physicians, nurses, and mental health professionals in investigations for alleged wrongdoing, patient complaints, and Department of Health investigations.
To contact The Health Law Firm, please call our office at (407) 331-6620 or toll-free at (888) 331-6620 and visit our website at www.TheHealthLawFirm.com.
Sources:
Bajak, Frank. “HCA Healthcare says data breach may affect 11 million patients in 20 states.” Associated Press (AP). (July 11, 2023). https://apnews.com/article/data-breach-hca-healthcare-hack-identity-theft-507d8b8915dd934a5be4bd6fb853dfb1
Galarza, Monica. “HCA Healthcare data breach impacts millions of patients, dozens of Florida facilities. Here’s what to know.” CNBC. (July 11, 2023). https://www.nbcmiami.com/news/business/money-report/hca-healthcare-data-breach-impacts-millions-of-patients-dozens-of-florida-facilities-heres-what-to-know/3069139/#:~:text=HCA%20Healthcare%20released%20a%20statement,locations%20of%20the%20patients’%20appointments
Goswami, Rohan. “HCA Healthcare patient data stolen and for sale by hackers.” CNBC.
(July 10, 2023). https://www.cnbc.com/2023/07/10/hca-healthcare-patient-data-stolen-and-for-sale-by-hackers.html
About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law; he is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll-Free: (888) 331-6620.
Current Open Positions with The Health Law Firm. The Health Law Firm always seeks qualified individuals interested in health law. Its main office is in the Orlando, Florida, area. If you are a current member of The Florida Bar or a qualified professional who is interested, please forward a cover letter and resume to: [email protected] or fax them to (407) 331-3030.
The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2023 The Health Law