Personal data of about 11 million patients of HCA Healthcare Inc. was exposed in an online forum, the company said Monday.
(Bloomberg) — Personal data of about 11 million patients of HCA Healthcare Inc. was exposed in an online forum, the company said Monday.
The largest US hospital operator discovered a list with names, email addresses and phone numbers, birth dates and information about their appointments. It didn’t include clinical records, payment details, passwords or Social Security numbers.
Data breaches at health-care companies are often considered among the most serious as they may contain some of a person’s most private, intimate information. In this case, however, the breach appeared to have been a “theft from an external storage location” that was only used to automate email messages, HCA said. The company said it reported the incident to law enforcement and that hospital operations weren’t affected.
The Nashville, Tennessee-based company is still investigating and said it couldn’t confirm how many people were affected, but it believes the list contains 27 million rows of data on about 11 million patients. HCA said it didn’t expect a material impact on its business.
Health-care companies face growing cybersecurity risks, with the accumulation of sensitive personal data and threats of ransomware that seize critical networks and upend systems crucial to care delivery.
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.