Hackers Steal Personal Data of 11 Million People From HCA Healthcare
In a recent data breach, hackers have successfully stolen the personal data of approximately 11 million patients from HCA Healthcare, one of the largest companies in the United States. The breach occurred when an unknown and unauthorized party posted patient accounts on an online forum. HCA Healthcare, with a dataset of around 27 million accounts, is concerned that some of the stolen information may be up for sale.
It is worth noting that the compromised data does not include critical medical records. The files were taken from an external storage location that was exclusively used for email formatting automation. HCA Healthcare assured that clinical data such as treatment, diagnosis, and condition information, payment information, user passwords, driver’s licenses, and Social Security numbers were unaffected by the breach. However, patient names, email addresses, phone numbers, birth dates, and information about medical appointments were compromised.
Although the stolen data may not include highly sensitive information, experts warn that it can still be used for fraudulent activities or identity theft. For instance, security consultant Andrew Sternke explains that the stolen data provides enough information for hackers to steal identities and potentially sell the data to acquire fraudulent medical services. This breach affects patients in nearly two dozen states, including a significant number of individuals in facilities located in Florida and Texas.
HCA Healthcare has taken immediate action upon discovering the breach. They reported the event to law enforcement and enlisted the help of third-party forensic and threat intelligence advisors. As part of containment measures, HCA Healthcare disabled user access to the storage location. Furthermore, the company plans to contact all impacted patients, providing them with additional information, support, and credit monitoring and identity protection services as needed.
The data breach was initially flagged on Twitter by Brett Callow, an analyst at Emsisoft. He noted that this breach could potentially be one of the biggest healthcare-related breaches of the year and even of all time. However, Callow stated that based on HCA’s statement, it doesn’t appear to have compromised diagnoses or other sensitive medical information. Nevertheless, the hacker has claimed to possess emails with health diagnosis that correspond to a clientID, raising concerns about the extent of the breach.
In summary, HCA Healthcare, one of the largest companies in the United States, has experienced a significant data breach, resulting in the compromise of personal information belonging to approximately 11 million patients. While critical medical records remain unaffected, patient names, contact details, and appointment information were exposed. HCA Healthcare has taken immediate steps to address the breach and assist impacted patients. As investigations continue, it is crucial for affected individuals to remain vigilant and take necessary precautions to safeguard their personal information.