Current:Home > FinanceHCA Healthcare says hackers stole data on 11 million patients-LoTradeCoin
HCA Healthcare says hackers stole data on 11 million patients
View Date:2024-12-23 22:28:01
Hospital and clinic operator HCA Healthcare said it has suffered a major hack that risks the data of at least 11 million patients.
Patients in 20 states, including California, Florida, Georgia and Texas, are affected, the Nashville-based chain said on Monday. The data accessed includes potentially sensitive information such as the patients' names, partial addresses, contact information and upcoming appointment date.
The breach, which the company learned about on July 5, is one of the biggest health care breaches in history.
The hackers accessed the following information, according to HCA Healthcare:
- Patient name, city, state, and zip code
- Patient email, telephone number, date of birth, gender
- Patient service date, location and next appointment date
"This appears to be a theft from an external storage location exclusively used to automate the formatting of email messages," the company said in its Monday announcement.
"The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate," it said.
If 11 million patients are affected, the breach would rank in the top five health care hacks reported to the Department of Health and Human Services Office of Civil Rights, according to the Associated Press. The worst such hack, a 2015 breach of the medical insurer Anthem, affected 79 million people. Chinese spies were indicted in that case, and there is no evidence the stolen data was ever put up for sale.
The suspected HCA hacker, who first posted a sample of stolen data online on July 5, was trying to sell the data and apparently trying to extort HCA, the AP reported. The hacker, who claimed to have 27.7 million records, then dumped a file online on Monday that included nearly 1 million records from the company's San Antonio division.
Call before paying an HCA bill
HCA is asking patients not to pay any invoices or billing requests without first calling the chain at (844) 608-1803 to verify that the message is legitimate.
HCA added that it "reported this event to law enforcement and retained third-party forensic and threat intelligence advisors." It also claimed that the breach, which revealed at least 27 million rows of data on about 11 million patients, didn't include potentially sensitive information, including patients' treatment or diagnosis; payment information, passwords, driver's license numbers or Social Security numbers.
DataBreaches.net, which first reported on the hack, posted a sample of code purportedly offered by a hacker containing the sentence, "Following up about your lung cancer assessment" as well as a client ID.
However, an HCA spokesperson told CBS MoneyWatch that the code in question was an email template developed by the company, while the client ID referred to a doctor's office or facility, not a patient.
HCA claimed that it "has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident. The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate."
HCA operates more than 180 hospitals and 2,000 care locations, such as walk-in clinics, across 20 states and the U.K., according to the company's website.
- In:
- Data Breach
veryGood! (64223)
Related
- California teen pleads guilty in Florida to making hundreds of ‘swatting’ calls across the US
- FTC sues to block $8.5 billion merger of Coach and Michael Kors owners
- Most distant spacecraft from Earth sends data to NASA for first time in 5 months
- Biden implied his uncle lost in WWII was eaten by cannibals. Papua New Guinea's leader pushes back.
- Why Suits' Gabriel Macht Needed Time Away From Harvey Specter After Finale
- Chicago woman convicted of killing, dismembering landlord, hiding some remains in freezer
- WWE Draft 2024: When, where, what to know for 'Raw' and 'SmackDown' roster shakeups
- The Most Expensive Celebrities on Cameo – and They’re Worth the Splurge
- FBI raids New York City apartment of Polymarket CEO Shayne Coplan, reports say
- Douglas DC-4 plane crashes into river outside Fairbanks, Alaska; not clear how many people on board
Ranking
- He failed as a service dog. But that didn't stop him from joining the police force
- NHL playoffs early winners, losers: Mark Stone scores, Islanders collapse
- KC mom accused of decapitating 6-year-old son is competent to stand trial, judge rules
- US health officials warn of counterfeit Botox injections
- Disruptions to Amtrak service continue after fire near tracks in New York City
- Most distant spacecraft from Earth sends data to NASA for first time in 5 months
- What is TGL? Tiger Woods' virtual golf league set to debut in January 2025
- Watch Florida man vs. gator: Man wrangles 8-foot alligator with bare hands on busy street
Recommendation
-
Infowars auction could determine whether Alex Jones is kicked off its platforms
-
Alabama lawmakers advance bill to ensure Biden is on the state’s ballot
-
Cyberattacks are on the rise, and that includes small businesses. Here’s what to know
-
Cyberattacks are on the rise, and that includes small businesses. Here’s what to know
-
'Yellowstone' premiere: Record ratings, Rip's ride and Billy Klapper's tribute
-
Crew members injured in crash on Georgia set of Eddie Murphy Amazon MGM movie ‘The Pickup’
-
You Might've Missed Henry Cavill's Pregnant Girlfriend Natalie Viscuso's My Super Sweet 16 Cameo
-
The Biden Administration Makes Two Big Moves To Conserve Public Lands, Sparking Backlash From Industry