- HCA Healthcare, with 46 hospitals in Florida, has announced a data breach affecting approximately 11 million individuals nationwide.
- The breach involved an unauthorized disclosure of personal information, including patient names, contact details, and appointment information, on an online forum.
- The provider stated that the leak did not include sensitive data like social security numbers, payment information, or medical records.
HCA Healthcare, which has 46 hospitals in Florida, announced on Monday that approximately 11 million individuals nationwide may have had their personal information compromised by an identified data leak.
The healthcare provider issued a formal statement indicating that an unidentified and unauthorized entity disclosed personal information, encompassing patient names, city, state, zip code, telephone number, date of birth, and gender, as well as service date, location, and next appointment details, on an online forum.
HCA stated that the breach appears to have originated through a theft from an external storage location exclusively used to automate the formatting of email messages and reported no disruption to ongoing medical treatment services. The provider further noted that the leak did not include social security numbers, payment information, or medical records.
The breach spans all 46 HCA hospitals within Florida and extends to more than 150 clinics, including MdNow centers owned by the provider.
“HCA Healthcare reported this event to law enforcement and retained third-party forensic and threat intelligence advisors,” said hospital officials. “While our investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident. The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support in accordance with its legal and regulatory obligations.”
Amid ongoing investigations, HCA states that it will offer credit monitoring and identity protection services to customers that may be impacted by the breach.