According to the Security Affairs website, HCA Medical recently disclosed a cyber attack in which the personal information of about 11 million patients was leaked.
On July 5th, HCA Healthcare discovered a security incident when a threat actor advertised on an underground forum that he had compromised HCA. In order to prove the authenticity of the "record", the threat actor also released parts including the patient's name, city, state and zip code, email, phone number, date of birth, gender, as well as the date of service, location and next appointment date Patient Sensitive Personal Information.
Notably, the cyberthreat attackers did not expose sensitive clinical patient information such as patient treatment, diagnosis or condition, payment information, credit card or account numbers, passwords, driver's license or social security numbers. The leaked patient information is understood to have flowed from an external storage location designed to automatically format email messages.
HCA Healthcare discloses data breach may affect 11 million patients
Upon becoming aware of a possible cyberattack, HCA Healthcare immediately notified law enforcement and launched a rigorous investigation into the security breach with the help of third-party forensics and threat intelligence consultants. As of press time, the investigation is still ongoing, and HCA has not found evidence of malicious activity on its network or systems related to this incident.
HCA Healthcare said it does not internally believe that the patient information breach involved clinical information (such as treatment, diagnosis, or condition), payment information (such as credit card or account numbers), or other sensitive information (such as passwords, driver's licenses, or social security numbers). ). The investigation into the details of the incident is still ongoing and it is not yet possible to confirm how many patients were affected.
But HCA Healthcare noted that the leaked list contained approximately 27 million rows of data, which may have included personal information for approximately 11 million HCA Healthcare patients. In response to the patient data breach, HCA Healthcare disabled user access to the storage location, but care and services to patients and the community continued.
Based on currently known information, HCA does not believe that the patient information breach will have a material impact on its business or financial performance, nor has it had any impact on its day-to-day operations.