Dive Brief:
- HCA Healthcare on Monday reported a data security incident in which personal information, including patient names and contact details, was stolen and posted online. The lists could contain 27 million rows of data with information from about 11 million patients who received care at HCA hospitals or physicians’ offices in 20 states.
- The health system, which is the largest in the country, said it appears the data was taken from an external storage location used to automatically format emails. An investigation led by HCA is ongoing, and HCA said it reported the incident to law enforcement and retained third-party forensic and intelligence advisors.
- The system said the list included patient name, city, state and ZIP code; email address, phone number, date of birth and gender; and service dates, location and dates of their next appointments. However, the stolen data didn’t include clinical information, payment details like credit card numbers or sensitive information like passwords or Social Security numbers.
Dive Insight:
Healthcare data breaches have exposed 385 million patient records from 2010 through 2022, according to federal reports. Hacking incidents have soared over the past five years while other types of breaches — like theft, data loss or improper disclosure — have dipped.
Data breaches have become more expensive for the healthcare industry, with the average cost of a breach reaching more than $10 million last year, according to an IBM Security report — a 42% increase from 2020.
HCA said the incident hasn’t affected day-to-day operations at its facilities, and it doesn’t currently expect the breach to impact financial results. The system also will offer to provide credit monitoring and identity protection services to at least some of those affected.
“While our investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident,” the health system wrote in a press release. “The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support.”