HCA Healthcare announces data breach of some patient data

NASHVILLE, Tenn. — One of the nation’s leading healthcare providers announced that patients’ personal data was exposed in a data breach, with information made available on an online forum.

>> Read more trending news

HCA Healthcare, based in Nashville, Tennessee, announced the breach in a news release on Monday. According to Bloomberg, approximately 11 million patients were affected.

HCA operates 184 hospitals and approximately 2,000 care sites in 21 states and the United Kingdom, according to a company factsheet.

According to the company, the list included information such as patient names, zip codes, and emails, The Wall Street Journal reported. That information was made available by “an unknown and unauthorized party” on the online forum, HCA said.

The company said the data breach did not include clinical information, such as treatment, diagnosis, or condition; payment information, such as credit card numbers or account numbers; and sensitive information, such as passwords, driver’s license numbers or Social Security numbers.

HCA said the breach “appears to be a theft from an external storage location exclusively used to automate the formatting of email messages,” The Wall Street Journal reported. The company added that it believed that the list contained 27 million rows of data on about 11 million patients, Bloomberg reported.

According to Bloomberg, HCA said it has reported the incident to law enforcement and has hired advisers to help in an investigation.

Patients affected by the breach will be contacted by the company, which will offer credit monitoring and identity protection services “where appropriate,” WZTV reported.

HCA officials added that the incident has not disrupted any care or services provided to patients, according to WSMV-TV.

HCA operates 45 facilities in Florida, nine in Georgia, seven in North Carolina and three in South Carolina, according to the company’s factsheet.