HCA Healthcare network confirmed that the sensitive data of about 11 million patients were exposed on a dark web forum following a cyber attack.
“HCA Healthcare, Inc. (NYSE:HCA) recently discovered that a list of certain information with respect to some of its patients was made available by an unknown and unauthorized party on an online forum,” the organization stated.
The stolen data includes:
- Patient name, city, state, and zip code;
- Patient email, telephone number, date of birth, gender; and
- Patient service date, location, and next appointment date.
HCA, a healthcare network of 180 hospitals and more than 2300 ambulatory sites across the United States and the United Kingdom, stresses that the data breach did not affect clinical or financial information, such as:
- Clinical information, such as treatment, diagnosis, or condition;
- Payment information, such as credit card or account numbers;
- Sensitive information, such as passwords, driver’s licenses, or social security numbers.
The company says it will contact any impacted patients to provide additional information and support and will offer credit monitoring and identity protection services, where appropriate.
Healthcare institutions are increasingly becoming targets for cyber attacks. Criminals not only demand ransomware from organizations but also seek financial gains from selling patients’ information online. Leaked medical records can be used in scams or even identity theft.
- HCA Healthcare. HCA Healthcare Reports Data Security Incident.
- Cybernews. HCA data breach: hacker stole information of 11M patients.