HCA Healthcare reports data breach impacting 11 million patients

HCA Healthcare, based in Nashville, Tennessee, disclosed a data security incident that may have exposed personal information of approximately 11 million patients. The compromised data originated from an external storage location which contained content for email messages used for appointment reminders and healthcare services across hundreds of facilities in 20 states.

The unauthorized party shared the exposed data online including

• patient names,
• contact details,
• birth dates,
• gender,
• appointment dates.

HCA estimates 27 million rows of data pertaining to about 11 million patients have been accessed, but clarified that clinical information, financial data, passwords, and Social Security numbers were not compromised.

The incident has not disrupted operations and is not expected to have a significant impact on the business.

HCA has disabled user access to the affected storage location and is conducting an ongoing investigation. The company plans to notify affected patients, provide support, and offer credit monitoring and identity protection services as required by legal obligations.