HCA Healthcare reveals cybersecurity breach compromising personal data of 11 million US patients across 20 states, while HCA UK assures no impact on UK data and corporate schemes.
HCA Healthcare, with headquarters in Tennessee and a presence across 186 hospitals and over 2,000 healthcare facilities in the US and UK has reported a breach which has resulted in the exposure of sensitive information, including email communication details used for appointment reminders and healthcare programme information.
Patient data that has been compromised includes vital details such as names, addresses, emails, phone numbers, dates of birth, gender, patient service dates, locations, and even the dates of their subsequent appointments.
HCA UK has confirmed that the breach has not affected UK data saying: “The systems of HCA Healthcare UK have not been affected and data of patients that have been cared for at HCA Healthcare UK facilities has not been impacted.”
The breach, according to the business, looked to be related to a theft from an outside storage facility used only to automate email message formatting.
HCA Healthcare says: “HCA Healthcare reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. While our investigation is ongoing, the company has not identified evidence of any malicious activity on HCA Healthcare networks or systems related to this incident.
“The company disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate.”
The parent company has confirmed that the breach has not affected care, services, or regular operations. Additionally, the parent company foresees no adverse impact on business, operations, or financial outcomes stemming from the breach.
