HCA Healthcare data breach leaks 11 million patients’ personal data

HCA Healthcare said around 11 million patients’ have had their data stolen after a post on a known cybercrime forum claimed it was selling the data.

In an online notice the US healthcare giant confirmed that data stolen contains information used for email messages, such as appointment reminders and education on healthcare programs and services.

HCA, which operates 180 hospitals and over 2,300 sites across 20 states, as well as sites in the UK, said data includes patient names; address data; patient email addresses; phone numbers; dates of birth; gender; and patient service dates.

However breached data does not include clinical information, payment information, or sensitive information, such as passwords, driver’s license or social security numbers.

How the data ended up on a cybercrime forum is unknown.

DataBreaches.net first reported the seller’s forum post on 5 July, in which the seller claimed to have 27 million rows of information.

According to the publication, the hacker contacted HCA on 4 July and said HCA had “until the 10th” to meet its demands but no demands were stated in the forum post.

There has been no disruption to day-to-day operations, HCA claimed, however any patient that has received services from HCA could be affected by the leak and the incident has been reported to law enforcement as an investigation is underway.

The healthcare giant is currently in the process of mailing patients that have had their personal data stolen.

“The volume of cyber-attacks will continue to remain high and each time, they act as a reminder that cyber security and cyber resiliency must remain a priority for organisations,” said Achi Lewis, Area VP EMEA for Absolute Software, who commented on the data breach.

“Being vigilant that an attack could occur at any moment should be the approach all businesses take to effectively prepare, including new technologies such as self-healing tech that can lock devices if they become vulnerable, automatically update core systems, and ensure devices are back online as quickly as possible.”

Lewis added that attacks can cause havoc for businesses which can continue for weeks and even months.

To prevent any further breaches, HCA said it has disabled user access to the storage location as an immediate containment measure. It claimed to also have several robust security strategies, systems, and protocols in place to help protect data.

Elsewhere, Russian-based cyber gang Clop is continuing to cause havoc among enterprises. The MOVEit mass-hack has claimed yet more victims, including hotel chain Radisson, US-based 1st Source Bank, real estate giant Jones Lang LaSalle and Dutch GPS company TomTom.

To see what you can do to keep your business safe, read our 2022 Ransomware report here.